confidential-containers/trustee: Grade C (77/100)

confidential-containers/trustee

/ 100

Documentation69

Engineering73

Health100

Rust163Apache-2.01d ago

Grade a repo

Good shape overall. A few tweaks would push it into the top tier.

Attestation and Secret Delivery Components

Documentation

2 checks need work

Contributing guide5pt

No CONTRIBUTING.md found (−47 pts base + up to −53 pts more for content).

→ Add a CONTRIBUTING.md telling newcomers how to get involved. Include setup, code style, test, and PR instructions.

Install and run instructions9pt

README documents how to install the project.

README12pt

100

README is present.

License6pt

100

Licensed under Apache-2.0.

Engineering

2 checks need work

Linting and formatting5pt

No Rust linting or formatting enforced.

→ Add `cargo clippy -- -D warnings` and `cargo fmt --check` as CI steps, and optionally a rustfmt.toml for project-specific style rules.

Issue and PR templates6pt

No issue or PR templates found (−100 pts).

→ Add .github/ISSUE_TEMPLATE/ with bug_report.md and feature_request.md to guide contributors. It dramatically improves issue quality.

CI/CD14pt

CI is configured (.github/workflows/build-and-push-staged-images.yml).

Tests18pt

100

Test files detected (attestation-service/tests).

Reproducibility6pt

100

Lockfile present (Cargo.lock). Installs are reproducible.

Project health

100

0 checks need work

Dependency manifest6pt

100

Dependency manifest found (Cargo.toml).

Repository metadata5pt

100

Repository has a description.

Activity5pt

100

Actively maintained (pushed within the last month).

Housekeeping3pt

100

.gitignore present.

Repository health signals

Activity, community, and responsiveness at scan time

Activity

—
Commits (30d / 90d)
157
Forks
17
Releaseslatest 1y ago

Community

—
Community health
—
authors own >50% of commits
163
Watchers

Responsiveness

3d 11h
Median issue response
1d 3h
Median PR merge time
120
Open issues

Repository files24 root entries

.devcontainer
.github
Good: CI is configured (.github/workflows/build-and-push-staged-images.yml).
Good: Dependabot covers 3 ecosystems (devcontainers, cargo, github-actions). Dependencies stay current.
attestation-service
Good: Test files detected (attestation-service/tests).
Good: Environment pinned via attestation-service/docker/as-grpc/Dockerfile.
deps
hack
integration-tests
kbs
protos
rvps
tools
.dockerignore
.gitignore
Good: .gitignore present.
.lycheeignore
AGENTS.md
Cargo.lock
Good: Lockfile present (Cargo.lock). Installs are reproducible.
Cargo.toml
Good: Dependency manifest found (Cargo.toml).
CODEOWNERS
DEVELOPMENT.md
docker-compose.yml
LICENSE
Good: Licensed under Apache-2.0.
Makefile
README.md
Good: README is present.
Good: README is well structured with multiple sections.
Good: README includes screenshots or visuals. Great for first impressions.
Good: README has code examples.
Good: README links to a live demo or deployed app.
Good: README includes status badges.
Good: README documents how to install the project.
Issue: No run or usage instructions found (−45 pts).Fix: Add a section showing how to start or use the project.
release-guide.md
rust-toolchain.toml