Primary language: TypeScript. License: Apache License 2.0 (Apache-2.0).

CLOMonitor

CLOMonitor is a tool that periodically checks open source project repositories to verify they meet certain project health best practices.


Checks

CLOMonitor periodically runs sets of checks on all the repositories registered in the database. These checks are run every hour, provided the repository has changed since the last time it was checked. Repositories that don't change often are still checked at least once a day. This keeps reports up to date with the latest check additions and improvements.

Checks are organized in check sets. Each check set defines a number of checks that will be run on the repository and one or more check sets can be applied to a single repository. At the moment the following sets are supported: code, code-lite, community and docs. Please see the checks documentation for more details.

Linter CLI

CLOMonitor's linter can also be run locally or from CI workflows. You can build it from source using Cargo, the Rust package manager:

cargo install --git https://github.com/cncf/clomonitor clomonitor-linter

Alternatively, you can use the published Docker image. An example of how to integrate CLOMonitor's linter with GitHub Actions can be found in the Artifact Hub repository.

CLOMonitor delegates some of the security checks to OpenSSF Scorecard, so you'll need to install it before running clomonitor-linter locally. Both CLOMonitor and OpenSSF Scorecard use the GitHub GraphQL API for some checks, which requires authentication. A GitHub token (with public_repo scope) must be provided via the GITHUB_TOKEN environment variable to authenticate those requests.

$ export GITHUB_TOKEN=<your token>

$ clomonitor-linter --help
clomonitor-linter
Checks repository to verify it meets certain project health best practices

USAGE:
    clomonitor-linter [OPTIONS] --path <PATH> --url <URL>

OPTIONS:
        --check-set <CHECK_SET>      Sets of checks to run [default: code community] [possible
                                     values: code, code-lite, community, docs]
        --format <FORMAT>            Output format [default: table] [possible values: json, table]
    -h, --help                       Print help information
        --pass-score <PASS_SCORE>    Linter pass score [default: 75]
        --path <PATH>                Repository local path (used for checks that can be done
                                     locally)
        --url <URL>                  Repository url [https://github.com/org/repo] (used for some
                                     GitHub remote checks)
    -V, --version                    Print version information
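
A preflight wrapper for the prerequisites described above, added here as an example and not part of the CLOMonitor project. The function names, exit codes 2 to 5 and the URL shape check are this example's own choices, and it assumes the OpenSSF Scorecard binary is installed as `scorecard`.

```shell
#!/bin/sh
# Added example: preflight and wrapper for clomonitor-linter.
# Function names and exit codes 2-5 are this example's own choices.

# Verify the prerequisites: a token in the environment and both tools on PATH.
# Assumes OpenSSF Scorecard is installed as `scorecard`.
# Returns 0 if ready, 2 if the token is missing, 3 if a tool is missing.
clomonitor_preflight() {
    if [ -z "${GITHUB_TOKEN:-}" ]; then
        echo "GITHUB_TOKEN is not set (needs public_repo scope)" >&2
        return 2
    fi
    for tool in scorecard clomonitor-linter; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "required tool not found on PATH: $tool" >&2
            return 3
        fi
    done
    return 0
}

# Accept only the URL shape shown in the help text: https://github.com/org/repo
is_github_repo_url() {
    nl='
'
    case $1 in *"$nl"*) return 1 ;; esac   # reject embedded newlines
    printf '%s\n' "$1" |
        grep -Eq '^https://github\.com/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+/?$'
}

# Usage: run_clomonitor_lint <local path> <repository url> [pass score]
# Returns the linter's own exit status once all checks above pass.
run_clomonitor_lint() {
    repo_path=$1
    repo_url=$2
    pass_score=${3:-75}   # 75 is the linter's documented default
    clomonitor_preflight || return $?
    [ -d "$repo_path" ] || { echo "not a directory: $repo_path" >&2; return 4; }
    is_github_repo_url "$repo_url" ||
        { echo "unexpected repository URL: $repo_url" >&2; return 5; }
    # The tools read the token from the environment; this wrapper never puts
    # it on the command line or echoes it, keeping it out of its own output.
    clomonitor-linter --path "$repo_path" --url "$repo_url" \
        --pass-score "$pass_score"
}
```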

Contributing

Please see CONTRIBUTING.md for more details.

You can find some general information about how to work on this repo in the architecture and the development environment setup documents.

Code of Conduct

This project follows the CNCF Code of Conduct.

License

CLOMonitor is an Open Source project licensed under the Apache License 2.0.