refactored the implemented classes for OpenSSFMetric providers; reviewed the OpenSSF thresholds

Author: alizard0

workspaces/scorecard/examples/openssf-scorecard-only.yaml

@@ -0,0 +1,14 @@
+---
+# Component with OpenSSF Scorecard
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: rhdh-plugins
+  annotations:
+    github.com/project-slug: redhat-developer/rhdh-plugins
+    openssf/project: redhat-developer/rhdh-plugins
+    backstage.io/source-location: url:https://github.com/redhat-developer/rhdh-plugins
+spec:
+  type: service
+  owner: guests
+  lifecycle: experimental

workspaces/scorecard/packages/backend/src/index.ts

@@ -20,8 +20,9 @@ const backend = createBackend();
 
 backend.add(import('@backstage/plugin-app-backend'));
 backend.add(import('@backstage/plugin-proxy-backend'));
-backend.add(import('@backstage/plugin-scaffolder-backend'));
-backend.add(import('@backstage/plugin-scaffolder-backend-module-github'));
+// TODO: Temporarily disabled - isolated-vm native module build issue
+// backend.add(import('@backstage/plugin-scaffolder-backend'));
+// backend.add(import('@backstage/plugin-scaffolder-backend-module-github'));
 backend.add(import('@backstage/plugin-techdocs-backend'));
 
 // auth plugin
@@ -33,9 +34,10 @@ backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
 
 // catalog plugin
 backend.add(import('@backstage/plugin-catalog-backend'));
-backend.add(
-  import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
-);
+// TODO: Temporarily disabled - depends on scaffolder
+// backend.add(
+//   import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
+// );
 
 // See https://backstage.io/docs/features/software-catalog/configuration#subscribing-to-catalog-errors
 backend.add(import('@backstage/plugin-catalog-backend-module-logs'));

workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/index.ts

@@ -20,4 +20,4 @@
  * @packageDocumentation
  */
 
-export { scorecardModuleOpenSSF as default } from './module';
+export { scorecardOpenSFFModule as default } from './module';

workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/AbstractMetricProvider.ts

@@ -47,11 +47,11 @@ export abstract class AbstractMetricProvider
     this.thresholds = thresholds ?? DEFAULT_NUMBER_THRESHOLDS;
   }
 
-  protected abstract getMetricName(): string;
+  abstract getMetricName(): string;
 
-  protected abstract getMetricDisplayTitle(): string;
+  abstract getMetricDisplayTitle(): string;
 
-  protected abstract getMetricDescription(): string;
+  abstract getMetricDescription(): string;
 
   getProviderDatasourceId(): string {
     return 'openssf';

workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/DefaultOpenSSFMetricProvider.test.ts

@@ -0,0 +1,54 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {
+  createDefaultOpenSSFMetricProviders,
+  DefaultOpenSSFMetricProvider,
+} from './DefaultOpenSSFMetricProvider';
+import { OPENSSF_METRICS, OPENSSF_THRESHOLDS } from './OpenSSFConfig';
+
+describe('DefaultOpenSSFMetricProviderTests', () => {
+  it('should create a default OpenSSF metric provider', () => {
+    const provider = new DefaultOpenSSFMetricProvider(
+      OPENSSF_METRICS[0],
+      OPENSSF_THRESHOLDS,
+    );
+    expect(provider.getMetricDisplayTitle()).toBe(
+      OPENSSF_METRICS[0].displayTitle,
+    );
+    expect(provider.getMetricDescription()).toBe(
+      OPENSSF_METRICS[0].description,
+    );
+    expect(provider.getMetricThresholds()).toBe(OPENSSF_THRESHOLDS);
+  });
+
+  it('should create a default OpenSSF metric provider with custom thresholds', () => {
+    const provider = new DefaultOpenSSFMetricProvider(
+      OPENSSF_METRICS[0],
+      OPENSSF_THRESHOLDS,
+    );
+    expect(provider).toBeDefined();
+  });
+
+  it('should create all default OpenSSF metric providers', () => {
+    const providers = createDefaultOpenSSFMetricProviders(OPENSSF_THRESHOLDS);
+    expect(providers.length).toBe(OPENSSF_METRICS.length);
+    for (const provider of providers) {
+      expect(provider).toBeInstanceOf(DefaultOpenSSFMetricProvider);
+      expect(provider.getMetricThresholds()).toBe(OPENSSF_THRESHOLDS);
+    }
+  });
+});

workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/DefaultOpenSSFMetricProvider.ts

@@ -0,0 +1,58 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { ThresholdConfig } from '@red-hat-developer-hub/backstage-plugin-scorecard-common';
+import { MetricProvider } from '@red-hat-developer-hub/backstage-plugin-scorecard-node';
+import { AbstractMetricProvider } from './AbstractMetricProvider';
+import { OPENSSF_METRICS } from './OpenSSFConfig';
+
+/**
+ * Default metric provider for OpenSSF Security Scorecards.
+ * Extracts a specific check from the OpenSSF scorecard response based on the provided configuration.
+ */
+export class DefaultOpenSSFMetricProvider extends AbstractMetricProvider {
+  constructor(
+    private readonly config: OpenSSFMetricConfig,
+    thresholds?: ThresholdConfig,
+  ) {
+    super(thresholds);
+  }
+
+  getMetricName(): string {
+    return this.config.name;
+  }
+
+  getMetricDisplayTitle(): string {
+    return this.config.displayTitle;
+  }
+
+  getMetricDescription(): string {
+    return this.config.description;
+  }
+}
+
+/**
+ * Creates all default OpenSSF metric providers.
+ * @param thresholds Optional threshold configuration to apply to all providers
+ * @returns Array of OpenSSF metric providers
+ */
+export function createDefaultOpenSSFMetricProviders(
+  thresholds?: ThresholdConfig,
+): MetricProvider<'number'>[] {
+  return OPENSSF_METRICS.map(
+    config => new DefaultOpenSSFMetricProvider(config, thresholds),
+  );
+}

…etricProviders/openSSFMetricProviders.ts …ssf/src/metricProviders/OpenSSFConfig.tsworkspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/openSSFMetricProviders.ts renamed to workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/OpenSSFConfig.ts workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/openSSFMetricProviders.ts renamed to workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/metricProviders/OpenSSFConfig.ts

@@ -15,13 +15,11 @@
  */
 
 import { ThresholdConfig } from '@red-hat-developer-hub/backstage-plugin-scorecard-common';
-import { MetricProvider } from '@red-hat-developer-hub/backstage-plugin-scorecard-node';
-import { AbstractMetricProvider } from './AbstractMetricProvider';
 
 /**
  * Configuration for an OpenSSF metric provider.
  */
-interface OpenSSFMetricConfig {
+export interface OpenSSFMetricConfig {
   /** The name of the OpenSSF check (e.g., "Maintained", "Code-Review") */
   name: string;
   /** Display title for the metric (e.g., "OpenSSF Maintained") */
@@ -33,7 +31,7 @@ interface OpenSSFMetricConfig {
 /**
  * All available OpenSSF Security Scorecard metrics.
  */
-const OPENSSF_METRICS: OpenSSFMetricConfig[] = [
+export const OPENSSF_METRICS: OpenSSFMetricConfig[] = [
   {
     name: 'Binary-Artifacts',
     displayTitle: 'OpenSSF Binary Artifacts',
@@ -144,40 +142,10 @@ const OPENSSF_METRICS: OpenSSFMetricConfig[] = [
   },
 ];
 
-/**
- * Configurable metric provider for OpenSSF Security Scorecards.
- * Extracts a specific check from the OpenSSF scorecard response based on the provided configuration.
- */
-class ConfigurableMetricProvider extends AbstractMetricProvider {
-  constructor(
-    private readonly config: OpenSSFMetricConfig,
-    thresholds?: ThresholdConfig,
-  ) {
-    super(thresholds);
-  }
-
-  protected getMetricName(): string {
-    return this.config.name;
-  }
-
-  protected getMetricDisplayTitle(): string {
-    return this.config.displayTitle;
-  }
-
-  protected getMetricDescription(): string {
-    return this.config.description;
-  }
-}
-
-/**
- * Creates all OpenSSF metric providers.
- * @param thresholds Optional threshold configuration to apply to all providers
- * @returns Array of OpenSSF metric providers
- */
-export function createOpenSSFMetricProviders(
-  thresholds?: ThresholdConfig,
-): MetricProvider<'number'>[] {
-  return OPENSSF_METRICS.map(
-    config => new ConfigurableMetricProvider(config, thresholds),
-  );
-}
+export const OPENSSF_THRESHOLDS: ThresholdConfig = {
+  rules: [
+    { key: 'error', expression: '<2' },
+    { key: 'warning', expression: '2-7' },
+    { key: 'success', expression: '>7' },
+  ],
+};

workspaces/scorecard/plugins/scorecard-backend-module-openssf/src/module.ts

@@ -15,9 +15,10 @@
  */
 import { createBackendModule } from '@backstage/backend-plugin-api';
 import { scorecardMetricsExtensionPoint } from '@red-hat-developer-hub/backstage-plugin-scorecard-node';
-import { createOpenSSFMetricProviders } from './metricProviders/openSSFMetricProviders';
+import { createDefaultOpenSSFMetricProviders } from './metricProviders/DefaultOpenSSFMetricProvider';
+import { OPENSSF_THRESHOLDS } from './metricProviders/OpenSSFConfig';
 
-export const scorecardModuleOpenSSF = createBackendModule({
+export const scorecardOpenSFFModule = createBackendModule({
   pluginId: 'scorecard',
   moduleId: 'openssf',
   register(reg) {
@@ -26,8 +27,10 @@ export const scorecardModuleOpenSSF = createBackendModule({
         metrics: scorecardMetricsExtensionPoint,
       },
       async init({ metrics }) {
-        // Register all OpenSSF metric providers
-        metrics.addMetricProvider(...createOpenSSFMetricProviders());
+        // Register all default OpenSSF metric providers
+        metrics.addMetricProvider(
+          ...createDefaultOpenSSFMetricProviders(OPENSSF_THRESHOLDS),
+        );
       },
     });
   },