Open nitrocode opened 1 week ago
@jeffmendoza Is this something Allstar org-level configs could help with?
If you happen to use Minder, they recently added support for provisioning Scorecard: https://github.com/stacklok/minder-rules-and-profiles/blob/main/rule-types/github/scorecard_enabled.yaml
EDIT: I've filed a top-level tracking issue to formalize support for large-scale use cases: https://github.com/ossf/scorecard/issues/4339
Org wide installation of a managed github app @jeffmendoza Is this something Allstar org-level configs could help with?
+1. This sounds like something up Allstar's alley. At least to enforce policies. I'm not sure about spitting out the raw scorecard results.
Is your feature request related to a problem? Please describe.
Without having to build my own app (as per docs):
I'd like to set up OpenSSF Scorecards for the entire cloudposse org. To do this, I'll need to proliferate a GitHub Action per repo. There are over 500 repos. If this was an app, I could install the GitHub app in the org, give it access to all the repos, without making a single code change.
Describe the solution you'd like
Org wide installation of a managed GitHub app
Describe alternatives you've considered
Script to run scorecard as a scheduled cron using a PAT
Additional context
N/A