The GitHub API calls are throttled, which makes it hard to scale the number of repositories to scan and provide results.
The code would have to wait for tens of minutes before continuing:
{"level":"warn","ts":1613869247.8747272,"caller":"roundtripper/roundtripper.go:139","msg":"Rate limit exceeded. Waiting 44m34.125286853s to retry..."}
The Scorecard checks for these don't need the GitHub API; they require a Git API:
- Active
- Frozen-Deps
- CodeQLInCheckDefinitions
- Security-Policy
- Packaging
Potential solution
- Clone the Git Repo
- Git pull on these repos on a cron to get the updates
- Use an API to query these repositories directly instead of the GitHub
The https://github.com/go-git/go-git project provides an API on Git which could be used for avoiding the GitHub API limitations.
With httpcache #80 (comment) and reducing the number of GitHub API calls, we should be able to scale the scanning number of repositories.
Related to #80
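The clone, update-on-cron and query-locally steps proposed above, shown with the git CLI as an added example (it is not Scorecard's code and does not use go-git). The function names, the SECURITY.md locations and the 90-day activity threshold are assumptions chosen for illustration, and the sample upstream repository is constructed.

```shell
#!/bin/sh
# Added example: answer two Scorecard-style questions from a local mirror,
# so that no GitHub API request (and no rate limit) is involved.
# All function names and thresholds here are hypothetical.

# sync_mirror URL DIR: the first run clones; later runs (e.g. from cron) only fetch.
sync_mirror() {
    if [ -d "$2" ]; then
        git -C "$2" fetch --quiet --prune origin
    else
        git clone --quiet --mirror "$1" "$2"
    fi
}

# has_security_policy DIR: succeeds if the default branch tracks a SECURITY.md
# at the root, in .github/ or in docs/ (these locations are an assumption).
has_security_policy() {
    git -C "$1" ls-tree -r --name-only HEAD |
        grep -Eiq '^((\.github|docs)/)?SECURITY\.md$'
}

# days_since_last_commit DIR: age in days of the newest commit on the default branch.
days_since_last_commit() {
    last=$(git -C "$1" log -1 --format=%ct HEAD) || return 1
    echo $(( ( $(date +%s) - $last ) / 86400 ))
}

# is_active DIR [MAX_DAYS]: succeeds if the newest commit is at most MAX_DAYS old.
is_active() {
    age=$(days_since_last_commit "$1") || return 1
    [ "$age" -le "${2:-90}" ]
}

# make_sample_upstream DIR: constructed sample repository with one commit
# dated 2015-01-01 and no security policy, standing in for a real upstream.
make_sample_upstream() {
    git init --quiet "$1" &&
    echo demo > "$1/README.md" &&
    git -C "$1" add README.md &&
    GIT_AUTHOR_DATE='1420070400 +0000' GIT_COMMITTER_DATE='1420070400 +0000' \
        git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        commit --quiet -m 'initial commit'
}
```

Calling `sync_mirror` from a cron job keeps each mirror current, and the check functions then read only local Git objects.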