Open Source Security Foundation's Criticality Score 2.0 Debuts To Rank Important OSS Projects

  • Open Source Security Foundation's Criticality Score 2.0 Debuts To Rank Important OSS Projects

    Phoronix: Open Source Security Foundation's Criticality Score 2.0 Debuts To Rank Important OSS Projects

    Back in 2020 Google and the Open-Source Security Foundation (OpenSSF) came up with a "Criticality Score" to rank the importance/criticality of open-source projects. The Criticality Score is a means of quantifying the importance of an open-source project such as if in need of funding or development assistance. Criticality Score 2.0 has now been published...

  • #2
    Code:
    2023-02-24 14:28:53.277 INFO    Preparing default scorer
    2023-02-24 14:28:53.286 ERROR   Failed to create collector      {"error": "init deps.dev source: failed to create bigquery client: bigquery: constructing client: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information."}
    main.main
            /home/foobar/go/pkg/mod/github.com/ossf/[email protected]/cmd/criticality_score/main.go:160
    runtime.main
            /snap/go/10050/src/runtime/proc.go:250
    Cool I guess. Why do I need Google credentials for an app to calculate the score of a GITHUB (Microsoft) repo? Or do the authors need one? But why? What does Google have to do with anything? And why can't I skip it?
    Last edited by anarki2; 24 February 2023, 09:39 AM.

    • #3
      Originally posted by anarki2
      Cool I guess. Why do I need Google credentials for an app to calculate the score of a GITHUB (Microsoft) repo? Or do the authors need one? But why? What does Google have to do with anything? And why can't I skip it?
      And why can't you RTFM?

      • #4
        Originally posted by xnor
        And why can't you RTFM?
        Can you answer the question?

        Btw. I read the manual, it makes no explanation whatsoever.

        • #5
          Originally posted by anarki2
          What does Google have to do with anything? And why can't I skip it?
          They just created the whole thing, that's what they have to do with it.

          • #6
            Originally posted by jacob

            They just created the whole thing, that's what they have to do with it.
            Oh! Then it's okay to ask me for stuff that's completely irrelevant to the application, never mind!

            • #7
              Originally posted by anarki2
              What does Google have to do with anything?
              Probably something to do with this:

              If you're interested in seeing a list of critical projects with their criticality score, we publish them in csv format and a BigQuery dataset.
              At least, that's what I gather from the "failed to create bigquery client" in the error you quoted.

              • #8
                With v2.0, the Criticality Score software has been rewritten in the Go programming language rather than Python.
                Wow, lateral progress.

                Maybe in 3.0 they can consider writing it in a language that isn't a joke.

                • #9
                  Originally posted by Ironmask

                  Wow, lateral progress.

                  Maybe in 3.0 they can consider writing it in a language that isn't a joke.
                  Go is much easier to deploy than Python. That may be their primary focus.

                  • #10
                    Originally posted by ssokolow

                    Go is much easier to deploy than Python. That may be their primary focus.
                    While that's true, I'm assuming it's less due to that and more due to Google being involved.
                    Besides, if they wanted deployability, they might have gone with a language with a less insane package manager.
