feat: add JSON Schema validations for the OpenSSF Scorecard results

Author: UlisesGascon

__tests__/schemas.test.js

@@ -1,5 +1,5 @@
-const { sampleGithubOrg, sampleGithubListOrgRepos, sampleGithubRepository } = require('../__fixtures__')
-const { validateGithubOrg, validateGithubListOrgRepos, validateGithubRepository } = require('../src/schemas')
+const { sampleGithubOrg, sampleGithubListOrgRepos, sampleGithubRepository, sampleOSSFScorecardResult } = require('../__fixtures__')
+const { validateGithubOrg, validateGithubListOrgRepos, validateGithubRepository, validateOSSFResult } = require('../src/schemas')
 
 describe('schemas', () => {
   describe('validateGithubOrg', () => {
@@ -53,4 +53,19 @@ describe('schemas', () => {
       expect(() => validateGithubRepository(invalidData)).toThrow()
     })
   })
+  describe('validateOSSFResult', () => {
+    test('Should not throw an error with valid data', () => {
+      expect(() => validateOSSFResult(sampleOSSFScorecardResult)).not.toThrow()
+    })
+
+    test('Should not throw an error with additional data', () => {
+      const additionalData = { ...sampleOSSFScorecardResult, additionalKey: 'value' }
+      expect(() => validateOSSFResult(additionalData)).not.toThrow()
+    })
+
+    test('Should throw an error with invalid data', () => {
+      const invalidData = { ...sampleOSSFScorecardResult, score: '123' }
+      expect(() => validateOSSFResult(invalidData)).toThrow()
+    })
+  })
 })

src/schemas/index.js

@@ -3,6 +3,7 @@ const addFormats = require('ajv-formats')
 const githubOrganizationSchema = require('./githubOrganization.json')
 const githubListOrgReposSchema = require('./githubListOrgRepos.json')
 const githubRepositorySchema = require('./githubRepository.json')
+const ossfScorecardResultSchema = require('./ossfScorecardResult.json')
 
 const ajv = new Ajv()
 addFormats(ajv)
@@ -39,8 +40,19 @@ const validateGithubRepository = (data) => {
   return null
 }
 
+const validateOSSFResult = (data) => {
+  const validate = ajv.compile(ossfScorecardResultSchema)
+  const valid = validate(data)
+  if (!valid) {
+    const readableErrors = getReadableErrors(validate)
+    throw new Error(`Error when validating the OSSF Scorecard result: ${readableErrors}`)
+  }
+  return null
+}
+
 module.exports = {
   validateGithubOrg,
   validateGithubListOrgRepos,
-  validateGithubRepository
+  validateGithubRepository,
+  validateOSSFResult
 }

src/schemas/ossfScorecardResult.json

@@ -0,0 +1,85 @@
+{
+    "title": "OpenSSF Scorecard Result",
+    "description": "OpenSSF Scorecard Result for a project",
+    "type": "object",
+    "properties": {
+      "date": {
+        "type": "string",
+        "format": "date-time",
+        "examples": ["2024-12-11T23:55:17Z"]
+      },
+      "repo": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "type": "string",
+            "examples": ["github.com/octocat/Hello-World"]
+          },
+          "commit": {
+            "type": "string",
+            "examples": ["e739f419e56442b754e4fea6dbcf98c1c8d00dda"]
+          }
+        }
+      },
+      "scorecard": {
+        "type": "object",
+        "properties": {
+          "version": {
+            "type": "string",
+            "examples": ["v5.0.0"]
+          },
+          "commit": {
+            "type": "string",
+            "examples": ["ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"]
+          }
+        }
+      },
+      "score": {
+        "type": "number",
+        "examples": [6]
+      },
+      "checks": {
+        "type": ["array", "null"],
+        "items": {
+          "type": "object",
+          "properties": {
+            "details": {
+              "type": ["string", "null"],
+              "examples": [null]
+            },
+            "score": {
+              "type": "number",
+              "examples": [10]
+            },
+            "reason": {
+              "type": "string",
+              "examples": ["no binaries found in the repo"]
+            },
+            "name": {
+              "type": "string",
+              "examples": ["Binary-Artifacts"]
+            },
+            "documentation": {
+              "type": "object",
+              "properties": {
+                "url": {
+                  "type": "string",
+                  "format": "uri",
+                  "examples": [
+                    "https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"
+                  ]
+                },
+                "short": {
+                  "type": "string",
+                  "examples": [
+                    "Determines if the project has generated executable (binary) artifacts in the source repository."
+                  ]
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+