Contributors

ID

openssf_scorecard/contributors

Severity

info

Category

Levels

Optional

true

Tags

source-code

Description

Does the project have contributors from at least two different organizations?

This check tries to determine if the project has recent contributors from multiple organizations.

Rationale

This check shows which organizations have contributed to the project, so that you can make a trust-based decision from that information.

Some projects cannot meet this requirement, such as small projects with only one active participant, or projects with a narrow scope that cannot attract the interest of multiple organizations. See Code Reviews for more information about evaluating projects with a small number of participants.

Verification

The check looks at the Company field on the GitHub user profile for authors of recent commits. To receive the highest score, the project must have had contributors from at least 3 different companies in the last 30 commits; each of those contributors must have had at least 5 commits in the last 30 commits.
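The counting rule above can be sketched as follows. This is an added example, not Scorecard's own code: the function names, the sample data and the normalization of the free-text Company field are assumptions made for illustration.

```python
from collections import Counter

WINDOW = 30          # recent commits examined (from the check description)
MIN_COMMITS = 5      # commits an author needs within the window
MIN_COMPANIES = 3    # distinct companies needed for the highest score


def normalize_company(raw):
    """Assumed normalization: the Company field is free text, so fold case,
    surrounding whitespace and a leading '@' before comparing values."""
    return (raw or "").strip().lstrip("@").strip().lower()


def qualifying_companies(commits, profiles):
    """commits: author logins, newest first. profiles: login -> Company field.
    Returns the companies backed by at least one author who has MIN_COMMITS
    or more commits inside the most recent WINDOW commits."""
    per_author = Counter(commits[:WINDOW])
    companies = set()
    for login, count in per_author.items():
        if count < MIN_COMMITS:
            continue  # occasional contributors do not count
        company = normalize_company(profiles.get(login))
        if company:   # an empty Company field contributes nothing
            companies.add(company)
    return companies


def meets_highest_score(commits, profiles):
    """True when enough distinct companies qualify for the highest score."""
    return len(qualifying_companies(commits, profiles)) >= MIN_COMPANIES


# Constructed sample data: 30 recent commits followed by older history.
SAMPLE_PROFILES = {
    "alice": "@ExampleCorp", "bob": "examplecorp ", "carol": "Initech",
    "dave": "", "erin": "Globex", "frank": "Umbrella",
}
SAMPLE_COMMITS = (["alice"] * 8 + ["bob"] * 6 + ["carol"] * 7 +
                  ["dave"] * 5 + ["erin"] * 4 + ["frank"] * 10)

if __name__ == "__main__":
    print(sorted(qualifying_companies(SAMPLE_COMMITS, SAMPLE_PROFILES)))
    print(meets_highest_score(SAMPLE_COMMITS, SAMPLE_PROFILES))
```

In the sample, alice and bob collapse into one company, dave has no Company value, erin falls below the five-commit threshold and frank's commits lie outside the 30-commit window, so only two companies qualify.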

Remediation

Contributors should join their respective organizations, if they have not already. Otherwise, there is no remediation for this check.

Small Print

This check is currently limited to repositories hosted on GitHub and does not support other source hosting platforms.