Upgrade OpenSSF Best Practices badge from Silver to Gold

[SebTardif]

Context

The Scorecard CII-Best-Practices check scores 7/10 with a Silver badge. Gold gives 10/10.

Current progress: 30% of Gold criteria met. There are 19 unmet criteria, most of which are questionnaire answers on bestpractices.dev/projects/13100 rather than code changes.

Unmet Gold criteria (categorized)

Questionnaire answers (fill in on bestpractices.dev)

• homepage_url - Project homepage URL
• report_url - Bug reporting URL
• hardened_site - Site hardening (GitHub hosts the project)
• require_2FA / secure_2FA - 2FA for committers
• code_review_standards - Code review process
• contributors_unassociated - Contributor independence
• copyright_per_file / license_per_file - Per-file notices
• small_tasks - Good first issues

May require code changes

• test_statement_coverage90 - Need 90% statement coverage (currently 82%)
• test_branch_coverage80 - Need 80% branch coverage (currently 87%)
• build_reproducible - Reproducible builds

Structural (hard for solo project)

• bus_factor - Bus factor > 1
• two_person_review - Two-person review
• security_review - Formal security review

Expected impact

Scorecard CII-Best-Practices: 7 -> 10 (with Gold badge)

[SebTardif]

OpenSSF Best Practices Gold Progress

Filled the Gold questionnaire via Playwright CDP automation. Current status:

Level	Percentage
Passing	100%
Silver	100%
Gold	87%
Baseline Level 1	100%
Baseline Level 2	100%
Baseline Level 3	95%

What was done

• Fixed 3 Met criteria that were not counting as passing due to missing URL justifications (test_invocation, hardened_site, hardening)
• Fixed osps_sa_03_02 from Unmet to Met (SECURITY.md documents security model)
• Added URL-backed justifications to all 8 criteria that lacked them
• Gold went from 4% to 87%

Remaining unmet criteria (3/23)

Criterion	Level	Status	Why
bus_factor	MUST	Unmet	Requires 2+ maintainers. Solo project.
test_statement_coverage90	MUST (conditional)	Unmet	82.44% < 90% required
two_person_review	SHOULD	Unmet	Solo maintainer, no second reviewer

Gold badge is blocked by solo-maintainer constraints

The Gold badge requires bus_factor >= 2 (MUST criterion). This cannot be met for a solo-maintainer project regardless of code quality. This is a structural requirement, not a technical one.

Actionable improvements to reach maximum possible Gold %

1. Increase test statement coverage to 90% to fix test_statement_coverage90 (would reach 91% Gold)
2. Recruit a second maintainer to fix bus_factor and two_person_review (would enable Gold badge)