[Technical Initiative Funding Request]: OpenSSF Scorecard Free Azure Subscription for DevOps Testing

[GeauxJD]

Technical Initiative

OpenSSF Scorecard

Lifecycle Phase

incubating

Funding amount

$0

Problem Statement

The Scorecard team is working to extend functionality and coverage to Azure DevOps with a pipelines task similar to its existing GitHub action. It needs a free tier subscription in order to setup and maintain end-to-end testing of the feature.

Who does this affect?

Scorecard developers

Have there been previous attempts to resolve the problem?

The team requested OpenSSF staff to setup a free subscription but LF IT advised that any cloud services, even if free, need to be managed as a funding request due to risk of accounts converting in the future to incur charges unexpectedly.

Why should it be tackled now and by this TI?

The feature is ready for testing and donation into the project as noted here ossf/scorecard#4519

Give an idea of what is required to make the funding initiative happen

From the project maintainers:

"I think this is all doable with any Microsoft Account. It would be good for OpenSSF staff to hold an account that is an "owner" of the Azure DevOps Oranization then could invite the Scorecard maintainers as members of the org. Free tier is all we need"

What is going to be needed to deliver this funding initiative?

OpenSSF staff / LF PMO team to manage an Azure account and add the scorecard maintainers as members of the org, keeping within the free tier.

Are there tools or tech that still need to be produced to facilitate the funding initiative?

no

Give a summary of the requirements that contextualize the costs of the funding initiative

The team requested OpenSSF staff to setup a free subscription, but LF IT advised that any cloud services, even if free, need to be managed as a funding request due to risk of accounts converting in the future to incur charges unexpectedly.

Who is responsible for doing the work of this funding initiative?

jamie.magee@gmail.com

Who is accountable for doing the work of this funding initiative?

jamie.magee@gmail.com

If the responsible or accountable parties are no longer available, what is the backup contact or plan?

jlm@jlm.name

What license is this funding initiative being used under?

Apache License 2.0

Code of Conduct

• I agree to follow the OpenSSF's Code of Conduct

List the major milestones by date and identify the overall timeline within which the technical initiative plans to accomplish their goals. Any payments for services, sponsorships, etc., will require LF Legal and Financial review.

By the end of quarter 2 of 2025, this new feature will be fully tested and merged into the scorecard project as a new feature ossf/scorecard#4519

If this is a request for funding to issue a contract, then OpenSSF will issue that contract. Please provide a Statement of Work (SOW) that we may review. Any contracting action will take 4-6 weeks to issue.

n/a

[bobcallaway]

+1 to doing this ensuring we have staff engaged to help manage continuity of credentials here.

[riaankleinhans]

/vote

[git-vote]

Vote created

@riaankleinhans has called for a vote on [Technical Initiative Funding Request]: OpenSSF Scorecard Free Azure Subscription for DevOps Testing (#452).

The members of the following teams have binding votes:

Team
@ossf/tac

Non-binding votes are also appreciated as a sign of support!

How to vote

You can cast your vote by reacting to this comment. The following reactions are supported:

In favor	Against	Abstain
👍	👎	👀

Please note that voting for multiple options is not allowed and those votes won't be counted.

The vote will be open for 1month 11days 13h 26m 24s. It will pass if at least 70% of the users with binding votes vote In favor 👍. Once it's closed, results will be published here as a new comment.