ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

Feature: crowdsourcing scorecard run via GitHub action #1144

Closed laurentsimon closed 8 months ago

laurentsimon commented 2 years ago

We (scorecard team) run scorecard weekly on 200k repos.

This documentation proposes an alternative: let repo owners run scorecard in a GitHub workflow. How do we trust the results then?

This is what the proposal is about, by using an OIDC flow.

naveensrinivasan commented 2 years ago

Great idea! This should help us a lot with scaling!

azeemshaikh38 commented 2 years ago

Assigning to @asraa since she's helping with this.

github-actions[bot] commented 8 months ago

This issue is stale because it has been open for 60 days with no activity.