Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Remove Sonatype Lift from Dependency-Update-Tool check #3559

Closed
hayleycd opened this issue Oct 11, 2023 · 4 comments · Fixed by #3605
Closed

Feature: Remove Sonatype Lift from Dependency-Update-Tool check #3559

hayleycd opened this issue Oct 11, 2023 · 4 comments · Fixed by #3605
Labels
Check/Dependency-Update-Tool kind/enhancement New feature or request

Comments

@hayleycd
Copy link

Is your feature request related to a problem? Please describe.
Sonatype Lift has been retired, but it still shows up as a dependency update tool option.

Describe the solution you'd like
I don't know if projects that had installed Sonatype Lift are still getting scores that reflect using a tool, but if they are that should probably be changed. A good first step would be to remove Sonatype Lift from the documentation, which currently has a dead link.

I'm not sure if this is better suited for a bug report or a feature request. Apologies if this ended up in the wrong bucket.
@hayleycd hayleycd added the kind/enhancement New feature or request label Oct 11, 2023
@gabibguti
Copy link
Contributor

Hi hayley! Thanks for sharing that info. I'm leaving a +1 here to remove Sonatype both from the documentation and code as a valid Dependency-Update-Tool. I'm in a triager role so let's wait to see what the maintainers and other users think.

@spencerschrock
Copy link
Member

spencerschrock commented Oct 19, 2023
edited
Loading

Removing from the checks documentation seems like something that can be done immediately.

Removing the code is a use case to consider for structured results and deprecated probes. @laurentsimon what do you think from a probe perspective?

  1. Should the code to detect it in rawdata remain, but remove it from our default scoring/policy?
  2. Should we also remove the detection code, and have the probe always return outcome negative?
  3. Should the rawdata + probe be removed?

Since we haven't released probes yet, it's not like anyone has a policy on it yet. I think 3 works. If probes were released, I think either 1 or 2 could be viable options.

@spencerschrock
Copy link
Member

Option 2 could pass along a deprecation notice as well. If we wanted an OutcomeDeprecated or something?

@laurentsimon
Copy link
Contributor

Removing from the checks documentation seems like something that can be done immediately.

Removing the code is a use case to consider for structured results and deprecated probes. @laurentsimon what do you think from a probe perspective?

  1. Should the code to detect it in rawdata remain, but remove it from our default scoring/policy?
  2. Should we also remove the detection code, and have the probe always return outcome negative?
  3. Should the rawdata + probe be removed?

Since we haven't released probes yet, it's not like anyone has a policy on it yet. I think 3 works. If probes were released, I think either 1 or 2 could be viable options.

(3) works for me too.

@spencerschrock spencerschrock mentioned this issue Oct 24, 2023
Merged
2 tasks
@spencerschrock spencerschrock mentioned this issue Jun 5, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Check/Dependency-Update-Tool kind/enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

🐛 remove sonatype lift as a recognized dep update tool spencerschrock/scorecard
4 participants
@spencerschrock @hayleycd @gabibguti @laurentsimon