ossf · justaugustus · Dec 1, 2022 · Nov 4, 2022 · Nov 29, 2022 · Nov 30, 2022
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
-# Contributing to Security Scorecards
+# Contributing to OpenSSF Scorecard
 
-Thank you for contributing your time and expertise to the Security Scorecards
+Thank you for contributing your time and expertise to the OpenSSF Scorecard
 project. This document describes the contribution guidelines for the project.
 
 **Note:** Before you start contributing, you must read and abide by our

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Security Scorecards
+# OpenSSF Scorecard
 
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard/badge)](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard)
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5621/badge)](https://bestpractices.coreinfrastructure.org/projects/5621)
@@ -14,24 +14,24 @@
 
 ## Overview
 
--   [What Is Scorecards?](#what-is-scorecards)
--   [Prominent Scorecards Users](#prominent-scorecards-users)
--   [Scorecards' Public Data](#public-data)
+-   [What Is Scorecard?](#what-is-scorecard)
+-   [Prominent Scorecard Users](#prominent-scorecard-users)
+-   [Scorecard' Public Data](#public-data)
 
-## Using Scorecards
+## Using Scorecard
 
--   [Scorecards GitHub Action](#scorecards-github-action)
--   [Scorecards REST API](#scorecards-rest-api)
--   [Scorecards Badges](#scorecards-badges)
--   [Scorecards Command Line Interface](#scorecards-command-line-interface)
+-   [Scorecard GitHub Action](#scorecard-github-action)
+-   [Scorecard REST API](#scorecard-rest-api)
+-   [Scorecard Badges](#scorecard-badges)
+-   [Scorecard Command Line Interface](#scorecard-command-line-interface)
     -   [Prerequisites](#prerequisites)
     -   [Installation](#installation)
     -   [Authentication](#authentication)
     -   [Basic Usage](#basic-usage)
 
 ## Checks
 
--   [Default Scorecards Checks](#scorecard-checks)
+-   [Default Scorecard Checks](#scorecard-checks)
 -   [Detailed Check Documentation](docs/checks.md) (Scoring Criteria, Risks, and
     Remediation)
 
@@ -42,9 +42,9 @@
 
 -   [Report Problems](#report-problems)
 -   [Code of Conduct](CODE_OF_CONDUCT.md)
--   [Contribute to Scorecards ](CONTRIBUTING.md)
+-   [Contribute to Scorecard ](CONTRIBUTING.md)
 -   [Add a New Check](checks/write.md)
--   [Connect with the Scorecards Community](#connect-with-the-scorecards-community)
+-   [Connect with the Scorecard Community](#connect-with-the-scorecard-community)
 -   [Report a Security Issue](SECURITY.md)
 
 ## FAQ
@@ -53,20 +53,20 @@
 
 ## Overview
 
-### What is Scorecards?
-We created Scorecards to help open source maintainers improve their security
+### What is Scorecard?
+We created Scorecard to help open source maintainers improve their security
 best practices and to help open source consumers judge whether their dependencies
 are safe.
 
-Scorecards is an automated tool that assesses a number of important heuristics
+Scorecard is an automated tool that assesses a number of important heuristics
 [("checks")](#scorecard-checks) associated with software security and assigns
 each check a score of 0-10. You can use these scores to understand specific
 areas to improve in order to strengthen the security posture of your project.
 You can also assess the risks that dependencies introduce, and make informed
 decisions about accepting these risks, evaluating alternative solutions, or
 working with the maintainers to make improvements.
 
-The inspiration for Scorecards’ logo:
+The inspiration for Scorecard’s logo:
 ["You passed! All D's ... and an A!"](https://youtu.be/rDMMYT3vkTk)
 
 #### Project Goals
@@ -77,10 +77,10 @@ The inspiration for Scorecards’ logo:
 1.  Use this data to proactively improve the security posture of the critical
     projects the world depends on.
 
-### Prominent Scorecards Users
+### Prominent Scorecard Users
 
-Scorecards has been run on thousands of projects to monitor and track security
-metrics. Prominent projects that use Scorecards include:
+Scorecard has been run on thousands of projects to monitor and track security
+metrics. Prominent projects that use Scorecard include:
 
 -   [Tensorflow](https://github.com/tensorflow/tensorflow)
 -   [Angular](https://github.com/angular/angular)
@@ -90,7 +90,7 @@ metrics. Prominent projects that use Scorecards include:
 
 ### Public Data
 
-We run a weekly Scorecards scan of the 1 million most critical open source
+We run a weekly Scorecard scan of the 1 million most critical open source
 projects judged by their direct dependencies and publish the results in a
 [BigQuery public dataset](https://cloud.google.com/bigquery/public-data).
 
@@ -128,29 +128,29 @@ send a Pull Request with others. Currently, this list is derived from **projects
 hosted on GitHub ONLY**. We do plan to expand them in near future to account for
 projects hosted on other source control systems.
 
-## Using Scorecards
+## Using Scorecard
 
-### Scorecards GitHub Action
+### Scorecard GitHub Action
 
-The easiest way to use Scorecards on GitHub projects you own is with the
-[Scorecards GitHub Action](https://github.com/ossf/scorecard-action). The Action
+The easiest way to use Scorecard on GitHub projects you own is with the
+[Scorecard GitHub Action](https://github.com/ossf/scorecard-action). The Action
 runs on any repository change and issues alerts that maintainers can view in the
-repository’s Security tab. For more information, see the Scorecards GitHub
+repository’s Security tab. For more information, see the Scorecard GitHub
 Action
 [installation instructions](https://github.com/ossf/scorecard-action#installation).
 
-### Scorecards REST API
+### Scorecard REST API
 
 To query pre-calculated scores of OSS projects, use the [REST API](https://api.securityscorecards.dev).
 
 To enable your project to be available on the REST API, set
 [`publish_results: true`](https://github.com/ossf/scorecard-action/blob/dd5015aaf9688596b0e6d11e7f24fff566aa366b/action.yaml#L35)
-in the Scorecards GitHub Action setting.
+in the Scorecard GitHub Action setting.
 
-### Scorecards Badges
+### Scorecard Badges
 
 Enabling [`publish_results: true`](https://github.com/ossf/scorecard-action/blob/dd5015aaf9688596b0e6d11e7f24fff566aa366b/action.yaml#L35)
-in Scorecards GitHub Actions also allows maintainers to display a Scorecard badge on their repository to show off their
+in Scorecard GitHub Actions also allows maintainers to display a Scorecard badge on their repository to show off their
 hard work. This badge also auto-updates for every change made to the repository.
 To include a badge on your project's repository, simply add the following markdown to your README:
 
@@ -159,18 +159,18 @@ To include a badge on your project's repository, simply add the following markdo
 Scorecard](https://api.securityscorecards.dev/projects/github.com/{owner}/{repo}/badge)](https://api.securityscorecards.dev/projects/github.com/{owner}/{repo})
 ```
 
-### Scorecards Command Line Interface
+### Scorecard Command Line Interface
 
-To run a Scorecards scan on projects you do not own, use the command line
+To run a Scorecard scan on projects you do not own, use the command line
 interface installation option.
 
 #### Prerequisites
 
-Platforms: Currently, Scorecards supports OSX and Linux platforms. If you are
+Platforms: Currently, Scorecard supports OSX and Linux platforms. If you are
 using a Windows OS you may experience issues. Contributions towards supporting
 Windows are welcome.
 
-Language: You must have GoLang installed to run Scorecards
+Language: You must have GoLang installed to run Scorecard
 (https://golang.org/doc/install)
 
 #### Installation
@@ -183,15 +183,15 @@ Language: You must have GoLang installed to run Scorecards
 docker pull gcr.io/openssf/scorecard:stable
 ```
 
-To use a specific scorecards version (e.g., v3.2.1), run:
+To use a specific scorecard version (e.g., v3.2.1), run:
 
 ```shell
 docker pull gcr.io/openssf/scorecard:v3.2.1
 ```
 
 ##### Standalone
 
-To install Scorecards as a standalone:
+To install Scorecard as a standalone:
 
 Visit our latest [release page](https://github.com/ossf/scorecard/releases/latest) and
 download the correct zip file for your operating system.
@@ -263,7 +263,7 @@ These variables can be obtained from the GitHub
 
 ##### Using repository URL
 
-Scorecards can run using just one argument, the URL of the target repo:
+Scorecard can run using just one argument, the URL of the target repo:
 
 ```shell
 $ scorecard --repo=github.com/ossf-tests/scorecard-check-branch-protection-e2e
@@ -360,7 +360,7 @@ The `GITHUB_AUTH_TOKEN` has to be set to a valid [token](#Authentication)
 docker run -e GITHUB_AUTH_TOKEN=token gcr.io/openssf/scorecard:stable --show-details --repo=https://github.com/ossf/scorecard
 ```
 
-To use a specific scorecards version (e.g., v3.2.1), run:
+To use a specific scorecard version (e.g., v3.2.1), run:
 
 ```shell
 docker run -e GITHUB_AUTH_TOKEN=token gcr.io/openssf/scorecard:v3.2.1 --show-details --repo=https://github.com/ossf/scorecard
@@ -404,7 +404,7 @@ RESULTS
 ##### Using a Package manager
 
 For projects in the `--npm`, `--pypi`, or `--rubygems` ecosystems, you have the
-option to run Scorecards using a package manager. Provide the package name to
+option to run Scorecard using a package manager. Provide the package name to
 run the checks on the corresponding GitHub source code.
 
 For example, `--npm=angular`.
@@ -461,15 +461,15 @@ remediation steps, check out the [checks documentation page](docs/checks.md).
 
 ### Aggregate Score
 Each individual check returns a score of 0 to 10, with 10 representing the best
-possible score. Scorecards also produces an aggregate score, which is a
+possible score. Scorecard also produces an aggregate score, which is a
 weight-based average of the individual checks weighted by risk.
 
 *   “Critical” risk checks are weighted at 10
 *   “High” risk checks are weighted at 7.5
 *   “Medium” risk checks are weighted at 5
 *   “Low” risk checks are weighted at 2.5
 
-See the [list of current Scorecards checks](#scorecard-checks) for each check's
+See the [list of current Scorecard checks](#scorecard-checks) for each check's
 risk level.
 
 ## Contribute
@@ -481,7 +481,7 @@ If you have what looks like a bug, please use the
 you file an issue, please search existing issues to see if your issue is already
 covered.
 
-### Contribute to Scorecards
+### Contribute to Scorecard
 
 Before contributing, please follow our [Code of Conduct](CODE_OF_CONDUCT.md).
 
@@ -492,9 +492,9 @@ contribute to the project.
 
 If you'd like to add a check, please see guidance [here](checks/write.md).
 
-### Connect with the Scorecards Community
+### Connect with the Scorecard Community
 
-If you want to get involved in the Scorecards community or have ideas you'd like
+If you want to get involved in the Scorecard community or have ideas you'd like
 to chat about, we discuss this project in the
 [OSSF Best Practices Working Group](https://github.com/ossf/wg-best-practices-os-developers)
 meetings.
@@ -529,4 +529,4 @@ To report a security issue, please follow instructions [here](SECURITY.md).
 
 ### FAQ
 
-See the [FAQ](docs/faq.md) for answers to Frequently Asked Questions about Scorecards.
+See the [FAQ](docs/faq.md) for answers to Frequently Asked Questions about Scorecard.
@@ -102,7 +102,7 @@ func runCheck() (policy.PolicyResult, error) {
 		}
 	}
 
-	repoResult, err := pkg.RunScorecards(
+	repoResult, err := pkg.RunScorecard(
 		ctx,
 		repo,
 		commitSHA,
@@ -114,7 +114,7 @@ func runCheck() (policy.PolicyResult, error) {
 		vulnsClient,
 	)
 	if err != nil {
-		return policy.Fail, fmt.Errorf("RunScorecards: %w", err)
+		return policy.Fail, fmt.Errorf("RunScorecard: %w", err)
 	}
 
 	result, err := attestationPolicy.EvaluateResults(&repoResult.RawResults)

@@ -36,10 +36,10 @@ import (
 )
 
 const (
-	scorecardLong = "A program that shows security scorecard for an open source software."
+	scorecardLong = "A program that shows the OpenSSF scorecard for an open source software."
 	scorecardUse  = `./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems}=<package_name>)
 	 [--checks=check1,...] [--show-details]`
-	scorecardShort = "Security Scorecards"
+	scorecardShort = "OpenSSF Scorecard"
 )
 
 // New creates a new instance of the scorecard command.
@@ -124,7 +124,7 @@ func rootCmd(o *options.Options) error {
 		}
 	}
 
-	repoResult, err := pkg.RunScorecards(
+	repoResult, err := pkg.RunScorecard(
 		ctx,
 		repoURI,
 		o.Commit,
@@ -136,7 +136,7 @@ func rootCmd(o *options.Options) error {
 		vulnsClient,
 	)
 	if err != nil {
-		return fmt.Errorf("RunScorecards: %w", err)
+		return fmt.Errorf("RunScorecard: %w", err)
 	}
 	repoResult.Metadata = append(repoResult.Metadata, o.Metadata...)
 

@@ -69,7 +69,7 @@ func serveCmd(o *options.Options) *cobra.Command {
 				defer ossFuzzRepoClient.Close()
 				ciiClient := clients.DefaultCIIBestPracticesClient()
 				checksToRun := checks.GetAll()
-				repoResult, err := pkg.RunScorecards(
+				repoResult, err := pkg.RunScorecard(
 					ctx, repo, clients.HeadSHA /*commitSHA*/, o.CommitDepth, checksToRun, repoClient,
 					ossFuzzRepoClient, ciiClient, vulnsClient)
 				if err != nil {

@@ -164,14 +164,14 @@ func processRequest(ctx context.Context,
 			delete(checksToRun, check)
 		}
 
-		result, err := pkg.RunScorecards(ctx, repo, commitSHA, 0, checksToRun,
+		result, err := pkg.RunScorecard(ctx, repo, commitSHA, 0, checksToRun,
 			repoClient, ossFuzzRepoClient, ciiClient, vulnsClient)
 		if errors.Is(err, sce.ErrRepoUnreachable) {
 			// Not accessible repo - continue.
 			continue
 		}
 		if err != nil {
-			return fmt.Errorf("error during RunScorecards: %w", err)
+			return fmt.Errorf("error during RunScorecard: %w", err)
 		}
 		for checkIndex := range result.Checks {
 			check := &result.Checks[checkIndex]

@@ -155,7 +155,7 @@ func getScorecardCheckResults(dCtx *dependencydiffContext) error {
 			// Run scorecard on those types of dependencies that the caller would like to check.
 			// If the input map changeTypesToCheck is empty, by default, we run the checks for all valid types.
 			// TODO (#2064): use the Scorecare REST API to retrieve the Scorecard result statelessly.
-			scorecardResult, err := pkg.RunScorecards(
+			scorecardResult, err := pkg.RunScorecard(
 				dCtx.ctx,
 				dCtx.ghRepo,
 				// TODO (#2065): In future versions, ideally, this should be

diff --git a/docs/checks.md b/docs/checks.md
@@ -34,7 +34,7 @@ Problems with generated executable (binary) artifacts:
     the source repository (since the executable generation process is less
     likely to have atrophied).
 
-Allowed by Scorecards:
+Allowed by Scorecard:
 
   - Files in the source repository that are simultaneously reviewable source
     code and executables, since these are reviewable. (Some interpretive
@@ -186,7 +186,7 @@ To earn the passing badge, the project MUST:
   - apply at least one static code analysis tool (beyond compiler warnings and
     "safe" language modes) to any proposed major production release.
 
-Some of these criteria overlap with other Scorecards checks.
+Some of these criteria overlap with other Scorecard checks.
 
 
 **Remediation steps**
@@ -442,9 +442,9 @@ You can create a package in several ways:
 
 Note: A project that fulfills this criterion with other tools may still receive
 a low score on this test. There are many ways to package software, and it is
-challenging for an automated tool like Scorecards to detect them all. A low
+challenging for an automated tool like Scorecard to detect them all. A low
 score is therefore not a definitive indication that the project is at risk. If
-Scorecards fails to detect the way you publish a package and you think we should
+Scorecard fails to detect the way you publish a package and you think we should
 support your use case, please let us know by [opening an
 issue](https://github.com/ossf/scorecard/issues/new/choose).