📖 Update bestpractices links (ossf#3448)

Signed-off-by: Fred Gan <[email protected]> Signed-off-by: Allen Shearin <[email protected]>
kgangerlm · Nov 13, 2023 · b879617 · b879617
1 parent 03b17f5
commit b879617
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # OpenSSF Scorecard
 
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard/badge)](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
-[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5621/badge)](https://bestpractices.coreinfrastructure.org/projects/5621)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/5621/badge)](https://www.bestpractices.dev/projects/5621)
 ![build](https://github.com/ossf/scorecard/workflows/build/badge.svg?branch=main)
 ![CodeQL](https://github.com/ossf/scorecard/workflows/CodeQL/badge.svg?branch=main)
 [![Go Reference](https://pkg.go.dev/badge/github.com/ossf/scorecard/v4.svg)](https://pkg.go.dev/github.com/ossf/scorecard/v4)
@@ -472,7 +472,7 @@ Name        | Description                               | Risk Level | Token Req
 [Binary-Artifacts](docs/checks.md#binary-artifacts)             | Is the project free of checked-in binaries?     | High               | PAT, GITHUB_TOKEN   | Supported |
 [Branch-Protection](docs/checks.md#branch-protection)           | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ?                                                                                                                                                                       | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN    | Supported (see notes) | certain settings are only supported with a maintainer PAT
 [CI-Tests](docs/checks.md#ci-tests)                             | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)?                                                                                                                                         | Low | PAT, GITHUB_TOKEN   | Supported
-[CII-Best-Practices](docs/checks.md#cii-best-practices)         | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org) at the passing, silver, or gold level?                                                                                                                                                                 | Low  | PAT, GITHUB_TOKEN   | Validating |
+[CII-Best-Practices](docs/checks.md#cii-best-practices)         | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://www.bestpractices.dev) at the passing, silver, or gold level?                                                                                                                                                                 | Low  | PAT, GITHUB_TOKEN   | Validating |
 [Code-Review](docs/checks.md#code-review)                       | Does the project practice code review before code is merged?                                                                                                                                                                                                                                                                 | High | PAT, GITHUB_TOKEN   | Validating |
 [Contributors](docs/checks.md#contributors)                     | Does the project have contributors from at least two different organizations?                                                                                                                                                                                                                                                | Low | PAT, GITHUB_TOKEN   | Validating |
 [Dangerous-Workflow](docs/checks.md#dangerous-workflow)         | Does the project avoid dangerous coding patterns in GitHub Action workflows?                                                                                                                                                                                                                                                 | Critical | PAT, GITHUB_TOKEN   | Unsupported |

diff --git a/clients/cii_client.go b/clients/cii_client.go
@@ -34,7 +34,7 @@ const (
 )
 
 // BadgeLevel corresponds to CII-Best-Practices badge levels.
-// https://bestpractices.coreinfrastructure.org/en
+// https://www.bestpractices.dev/en
 type BadgeLevel uint
 
 // String returns a string value for BadgeLevel enum.

diff --git a/clients/cii_http_client.go b/clients/cii_http_client.go
@@ -49,7 +49,7 @@ func (transport *expBackoffTransport) RoundTrip(req *http.Request) (*http.Respon
 // GetBadgeLevel implements CIIBestPracticesClient.GetBadgeLevel.
 func (client *httpClientCIIBestPractices) GetBadgeLevel(ctx context.Context, uri string) (BadgeLevel, error) {
 	repoURI := fmt.Sprintf("https://%s", uri)
-	url := fmt.Sprintf("https://bestpractices.coreinfrastructure.org/projects.json?url=%s", repoURI)
+	url := fmt.Sprintf("https://www.bestpractices.dev/projects.json?url=%s", repoURI)
 	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
 	if err != nil {
 		return Unknown, fmt.Errorf("error during http.NewRequestWithContext: %w", err)

diff --git a/cron/internal/cii/main.go b/cron/internal/cii/main.go
@@ -29,7 +29,7 @@ import (
 	"github.com/ossf/scorecard/v4/cron/data"
 )
 
-const ciiBaseURL = "https://bestpractices.coreinfrastructure.org/projects.json"
+const ciiBaseURL = "https://www.bestpractices.dev/projects.json"
 
 type ciiPageResp struct {
 	RepoURL    string `json:"repo_url"`

diff --git a/docs/checks.md b/docs/checks.md
@@ -165,25 +165,25 @@ If a project's system was not detected and you think it should be, please
 
 Risk: `Low` (possibly not following security best practices)
 
-This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/) at the passing, silver, or gold level.
+This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://www.bestpractices.dev/) at the passing, silver, or gold level.
 The OpenSSF Best Practices badge indicates whether or not that the project uses a set of security-focused best development practices for open
 source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.
 
 The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
-full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a significant achievement for projects and requires multiple developers in the project.
+full credit to projects that meet the [gold criteria](https://www.bestpractices.dev/criteria/2), which is a significant achievement for projects and requires multiple developers in the project.
 Lower scores represent a project that has met the silver criteria, met the passing criteria, or is working to achieve the passing badge, with increasingly more points awarded as more criteria are met. Note that even meeting the passing criteria is a significant achievement.
 
-- [gold badge](https://bestpractices.coreinfrastructure.org/criteria/2): 10
-- [silver badge](https://bestpractices.coreinfrastructure.org/criteria/1): 7
-- [passing badge](https://bestpractices.coreinfrastructure.org/criteria/0): 5
+- [gold badge](https://www.bestpractices.dev/criteria/2): 10
+- [silver badge](https://www.bestpractices.dev/criteria/1): 7
+- [passing badge](https://www.bestpractices.dev/criteria/0): 5
 - in progress badge: 2
 
 Some of these criteria overlap with other Scorecard checks.
 However, note that in those overlapping cases, Scorecard can only report what it can automatically detect, while the OpenSSF Best Practices badge can report on claims and claim justifications from people (this counters false negatives and positives but has the challenge of requiring additional work from people).
 
 
 **Remediation steps**
-- Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/).
+- Sign up for the [OpenSSF Best Practices program](https://www.bestpractices.dev/).
 
 ## Code-Review 
 

diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml
@@ -263,24 +263,24 @@ checks:
     description: |
       Risk: `Low` (possibly not following security best practices)
 
-      This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/) at the passing, silver, or gold level.
+      This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://www.bestpractices.dev/) at the passing, silver, or gold level.
       The OpenSSF Best Practices badge indicates whether or not that the project uses a set of security-focused best development practices for open
       source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.
 
       The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
-      full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a significant achievement for projects and requires multiple developers in the project.
+      full credit to projects that meet the [gold criteria](https://www.bestpractices.dev/criteria/2), which is a significant achievement for projects and requires multiple developers in the project.
       Lower scores represent a project that has met the silver criteria, met the passing criteria, or is working to achieve the passing badge, with increasingly more points awarded as more criteria are met. Note that even meeting the passing criteria is a significant achievement.
 
-      - [gold badge](https://bestpractices.coreinfrastructure.org/criteria/2): 10
-      - [silver badge](https://bestpractices.coreinfrastructure.org/criteria/1): 7
-      - [passing badge](https://bestpractices.coreinfrastructure.org/criteria/0): 5
+      - [gold badge](https://www.bestpractices.dev/criteria/2): 10
+      - [silver badge](https://www.bestpractices.dev/criteria/1): 7
+      - [passing badge](https://www.bestpractices.dev/criteria/0): 5
       - in progress badge: 2
 
       Some of these criteria overlap with other Scorecard checks.
       However, note that in those overlapping cases, Scorecard can only report what it can automatically detect, while the OpenSSF Best Practices badge can report on claims and claim justifications from people (this counters false negatives and positives but has the challenge of requiring additional work from people).
     remediation:
       - >-
-        Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/).
+        Sign up for the [OpenSSF Best Practices program](https://www.bestpractices.dev/).
   Code-Review:
     risk: High
     tags: supply-chain, security, source-code, code-reviews