
Show openssf results in for private repos as a github issue #1441

Open
nitrocode opened this issue Sep 4, 2024 · 2 comments

Comments

@nitrocode

Since advanced security is very expensive, it would be nice to follow something like the renovatebot dashboard as a github issue and create an OpenSSF scorecard dashboard as a github issue. Once the issue is created, it can be edited in place.

SAP/guided-answers-extension#477

If it's decided to not do this, it would be nice to document using an upstream action to do this for us.

E.g. run this action to get the scorecard results, then pass to another action to manage the markdown and dashboard issue
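An added example of the two-step flow proposed above (it is not code from this issue, from ossf/scorecard or from scorecard-action): a script that renders the JSON written by `ossf/scorecard-action` (`results_format: json`) into a Markdown dashboard and then creates the tracking issue once and edits it in place on later runs. It assumes the JSON field layout shown in the constructed sample; the issue title, the hidden HTML marker used to find the issue again, and the script's own name are conventions invented for this example.

```python
"""Render an OpenSSF Scorecard JSON result as a GitHub-issue 'dashboard' body
and create-or-update a single tracking issue in place.

Added example, not code from the ossf/scorecard project. Assumes the JSON
written by `ossf/scorecard-action` with `results_format: json`
(fields: date, repo.name, score, checks[].name/score/reason/documentation.url).
The issue title, the marker and the env-var usage are this example's own.
"""
import json
import os
import sys
import urllib.request
from typing import Optional

DASHBOARD_TITLE = "OpenSSF Scorecard dashboard"   # assumed title for the tracking issue
MARKER = "<!-- openssf-scorecard-dashboard -->"   # hidden marker so re-runs edit, not duplicate

# Constructed sample in the shape of scorecard's JSON output (not real results).
SAMPLE_RESULT = {
    "date": "2024-09-04",
    "repo": {"name": "github.com/example-org/private-repo"},
    "score": 6.2,
    "checks": [
        {"name": "Branch-Protection", "score": 3,
         "reason": "branch protection is not maximal on development and all release branches",
         "documentation": {"url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection"}},
        {"name": "Token-Permissions", "score": 10,
         "reason": "GitHub workflow tokens follow principle of least privilege",
         "documentation": {"url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions"}},
        {"name": "Pinned-Dependencies", "score": -1,
         "reason": "internal error: no dependencies found",
         "documentation": {"url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies"}},
    ],
}


def render_dashboard(result: dict) -> str:
    """Markdown issue body, lowest-scoring checks first.
    Scorecard reports -1 for checks it could not evaluate; those are shown as 'n/a' and listed last."""
    def sort_key(check):
        score = check["score"]
        return (score if score >= 0 else 99, check["name"])
    lines = [MARKER,
             f"## OpenSSF Scorecard: {result['repo']['name']}",
             f"Overall score: **{result['score']}/10** (run date {result['date']})",
             "", "| Check | Score | Reason |", "|---|---|---|"]
    for check in sorted(result["checks"], key=sort_key):
        score = "n/a" if check["score"] < 0 else f"{check['score']}/10"
        lines.append(f"| [{check['name']}]({check['documentation']['url']}) | {score} | {check['reason']} |")
    return "\n".join(lines) + "\n"


def failing_checks(result: dict, threshold: int) -> list:
    """Names of evaluated checks scoring below `threshold` (unevaluated -1 checks are excluded)."""
    return sorted(c["name"] for c in result["checks"] if 0 <= c["score"] < threshold)


def find_dashboard(issues: list) -> Optional[dict]:
    """Pick the open issue whose body carries MARKER; the list endpoint also returns
    pull requests, which are skipped."""
    for issue in issues:
        if "pull_request" in issue:
            continue
        if MARKER in (issue.get("body") or ""):
            return issue
    return None


def _api(method: str, url: str, token: str, payload: Optional[dict] = None):
    """Minimal GitHub REST call; the token needs only `issues: write` on the repo."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def upsert_issue(repo: str, token: str, body: str) -> dict:
    """Edit the existing dashboard issue in place, or create it on the first run."""
    base = f"https://api.github.com/repos/{repo}/issues"
    existing = find_dashboard(_api("GET", base + "?state=open&per_page=100", token))
    if existing:
        return _api("PATCH", f"{base}/{existing['number']}", token, {"body": body})
    return _api("POST", base, token, {"title": DASHBOARD_TITLE, "body": body})


if __name__ == "__main__":
    # Usage inside a workflow: python scorecard_dashboard.py results.json
    # GITHUB_REPOSITORY and GITHUB_TOKEN are the standard Actions environment variables.
    result = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_RESULT
    body = render_dashboard(result)
    if os.environ.get("GITHUB_TOKEN"):
        issue = upsert_issue(os.environ["GITHUB_REPOSITORY"], os.environ["GITHUB_TOKEN"], body)
        print(f"dashboard issue #{issue['number']} updated")
    else:
        print(body)  # offline: just show what would be posted
```

In the workflow this would follow a step like `uses: ossf/scorecard-action` with `results_format: json`, `results_file: results.json` and `publish_results: false` (publishing to the public Scorecard API is not an option for a private repository, which is also why the script does its own issue handling). The hidden marker, rather than the title alone, is what lets every later run find and edit the same issue instead of opening a new one.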

@lelia

lelia commented Sep 5, 2024

While I don't believe a Renovate-like dashboard currently exists for Scorecard, you may want to check out Scorecard Monitor, which can file issues/PRs reporting Scorecard results across multiple repositories, and also integrates with StepSecurity to provide potential remediation steps.

Here is a sample report and example of remediation steps provided by StepSecurity (GitHub auth required to view).

@spencerschrock
Member

To clarify, you're asking about private repositories (since advanced security is free for public repos)?

Have you considered Allstar? I believe it has the machinery to create issues on all (?) Scorecard checks? This may be overkill for what you want though! Especially since Allstar requires administrative permissions, or self-hosting your own copy.

> If it's decided to not do this, it would be nice to document using an upstream action to do this for us.

I think this may be the simplest approach, although I don't think there are any ready out of the box.

> you may want to check out Scorecard Monitor,

My understanding is it hits the Scorecard API, which wouldn't be available for private repositories.

3 participants