ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

Feature: Managed Github App per org instead of github action per repo #4333

Open nitrocode opened 1 week ago

nitrocode commented 1 week ago

Is your feature request related to a problem? Please describe.

Without having to build my own app (as per docs):

I'd like to set up OpenSSF Scorecards for the entire cloudposse org. To do this, I'll need to proliferate a GitHub Action per repo. There are over 500 repos. If this was an app, I could install the GitHub App in the org, give it access to all the repos, without making a single code change.

Describe the solution you'd like

Org-wide installation of a managed GitHub App

Describe alternatives you've considered

Script to run scorecard as a scheduled cron using a PAT

Additional context

N/A
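The "scheduled cron using a PAT" alternative, as an added example that is not part of the Scorecard project or the issue author's code. It assumes the `scorecard` CLI is on PATH, that it reads its token from the `GITHUB_AUTH_TOKEN` environment variable, and that `--format json` output carries `repo.name`, `score` and a `checks` list (field names assumed from the CLI's JSON output); the sample results embedded below are constructed, not real scan data. The aggregation step is what a single org-wide job adds over per-repo workflows: one run produces a mean score, the repos below a threshold, and the checks that fail most often across the org.

```python
"""
Run OpenSSF Scorecard over every repository in an org from one scheduled job.

Added example for this issue thread; not part of the Scorecard project.
Assumes the `scorecard` CLI is on PATH, reads its token from the
GITHUB_AUTH_TOKEN environment variable, and emits JSON with `--format json`
whose top level carries "repo": {"name": ...}, "score" and "checks": [...]
(field names assumed from the CLI's JSON output).
"""
from __future__ import annotations

import json
import os
import shutil
import subprocess
import sys
from typing import Iterable, Optional

SCORE_THRESHOLD = 5.0  # flag repos at or below this aggregate score


def scorecard_command(repo: str, checks: Optional[Iterable[str]] = None) -> list[str]:
    """Build the CLI invocation for one repo (e.g. "github.com/example-org/repo-a")."""
    cmd = ["scorecard", f"--repo={repo}", "--format=json"]
    if checks:
        cmd.append("--checks=" + ",".join(checks))
    return cmd


def run_scorecard(repo: str) -> dict:
    """Invoke the CLI with a read-only PAT supplied via GITHUB_AUTH_TOKEN."""
    if "GITHUB_AUTH_TOKEN" not in os.environ:
        raise RuntimeError("set GITHUB_AUTH_TOKEN to a read-only PAT before running")
    out = subprocess.run(scorecard_command(repo), check=True,
                         capture_output=True, text=True)
    return json.loads(out.stdout)


def summarize(results: list[dict], threshold: float = SCORE_THRESHOLD) -> dict:
    """Aggregate per-repo JSON results into an org-level view.

    Returns the org mean score, the repos at or below the threshold, and the
    checks that score 0 most often (the quickest wins for a remediation plan).
    """
    scores = {r["repo"]["name"]: float(r["score"]) for r in results}
    failing_counts: dict[str, int] = {}
    for r in results:
        for chk in r.get("checks", []):
            if chk.get("score", -1) == 0:
                failing_counts[chk["name"]] = failing_counts.get(chk["name"], 0) + 1
    mean = sum(scores.values()) / len(scores) if scores else 0.0
    return {
        "mean_score": round(mean, 2),
        "below_threshold": sorted(n for n, s in scores.items() if s <= threshold),
        "most_failed_checks": sorted(failing_counts.items(),
                                     key=lambda kv: (-kv[1], kv[0])),
    }


# Constructed sample output standing in for two real CLI runs (not real data).
SAMPLE_RESULTS = [
    {"repo": {"name": "github.com/example-org/repo-a"}, "score": 7.5,
     "checks": [{"name": "Maintained", "score": 10},
                {"name": "Pinned-Dependencies", "score": 0}]},
    {"repo": {"name": "github.com/example-org/repo-b"}, "score": 3.0,
     "checks": [{"name": "Maintained", "score": 0},
                {"name": "Pinned-Dependencies", "score": 0}]},
]

if __name__ == "__main__":
    # Repo list comes from stdin, one "github.com/org/name" per line
    # (for example piped from `gh repo list <org> --limit 1000`).
    repos = [line.strip() for line in sys.stdin if line.strip()]
    if not shutil.which("scorecard"):
        sys.exit("scorecard CLI not found on PATH")
    results = []
    for repo in repos:
        try:
            results.append(run_scorecard(repo))
        except (subprocess.CalledProcessError, json.JSONDecodeError) as exc:
            print(f"skipping {repo}: {exc}", file=sys.stderr)
    print(json.dumps(summarize(results), indent=2))
```

Scheduled from cron (or a single org-level workflow), the job needs only a read-only PAT in `GITHUB_AUTH_TOKEN`; failures on one repo are logged and skipped so a single archived or renamed repo does not abort the org-wide run.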

lelia commented 1 week ago

@jeffmendoza Is this something Allstar org-level configs could help with?

If you happen to use Minder, they recently added support for provisioning Scorecard: https://github.com/stacklok/minder-rules-and-profiles/blob/main/rule-types/github/scorecard_enabled.yaml

EDIT: I've filed a top-level tracking issue to formalize support for large-scale use cases: https://github.com/ossf/scorecard/issues/4339

spencerschrock commented 5 days ago

> Org wide installation of a managed github app

> @jeffmendoza Is this something Allstar org-level configs could help with?

+1. This sounds like something up Allstar's alley, at least to enforce policies. I'm not sure about spitting out the raw scorecard results.