DSACMS / metrics

Experimentations in Open Source Repository Metrics
https://dsacms.github.io/metrics/

Enable OSSF Scorecard Code-Scanning for this Repository through `scorecard.yml` Workflow #92

Closed IsaacMilarky closed 4 months ago

IsaacMilarky commented 4 months ago

Enable OSSF Scorecard Code-Scanning for this Repository through scorecard.yml Workflow

Problem

It is good to record the results of the OSSF scorecard scan for maintainability reasons as well as to create value in other areas such as the upcoming PyCon poster. Currently we are not using OSSF scorecard code-scanning.

Solution

I have enabled OSSF scorecard scanning through the GitHub UI. This workflow will carry out the OSSF code-scanning and upload it to the GitHub code-scanning dashboard. It will also carry out the optional branch-protection check. Currently, the workflow is also set to publish the results of the scan to the OSSF API.

Result

A new workflow is added that runs on push to main as well as on a regular interval set by a cron job. OSSF scorecard code-scanning is carried out by this job.