Hi,
I'm new here so I apologize if this isn't the right place to post this. The doc directs one here for discussion but the low traffic makes me wonder...
On trying scorecard against the main Hyperledger Fabric repo I discovered that we had a syntax error in one of our CI scripts which led scorecard to give up on the whole Pinned-Dependencies check.
I'm thankful for scorecard uncovering the problem which allowed me to fix it but I'd like to know if the current behavior - giving up - is really the desired behavior.
Admittedly I don't know yet how the scoring is done and what the general philosophy is with regard to faulty files but rather than abandoning the test entirely it would seem desirable to continue in a case where a file can't be successfully parsed and maybe issue a warning and/or lower the score somehow.
The source code has an interesting comment showing that this isn't the first time this kind of situation has been met:
I'd appreciate it if someone could tell me whether this is just a known problem that is meant to be addressed later on or what.
Thank you.
--
Arnaud Le Hors - Senior Technical Staff Member - Open Technologies: Blockchain, Edge Computing, Web - IBM