Skip to content

feat: add reusable OpenSSF Scorecard workflow#5

Merged
cwaits6 merged 2 commits intomainfrom
feat/scorecard-workflow
Mar 19, 2026
Merged

feat: add reusable OpenSSF Scorecard workflow#5
cwaits6 merged 2 commits intomainfrom
feat/scorecard-workflow

Conversation

@cwaits6
Copy link
Owner

@cwaits6 cwaits6 commented Mar 19, 2026

Summary

  • Add reusable scorecard.yml workflow for OpenSSF Scorecard analysis
  • Repos opt in by calling it (not auto-applied to all repos)
  • Publishes SARIF results to GitHub Security tab
  • Publishes to OpenSSF REST API (enables badge on scorecard.dev)

Usage

on:
  push:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"
jobs:
  scorecard:
    uses: cwaits6/.github/.github/workflows/scorecard.yml@main

Test plan

  • Verify calling workflow triggers Scorecard and uploads SARIF
  • Verify badge resolves on scorecard.dev after first run

cwaits6 added 2 commits March 19, 2026 00:07
@cwaits6
feat: add reusable OpenSSF Scorecard workflow
2a73d36 
Reusable workflow that repos can opt into for OpenSSF Scorecard
analysis. Publishes results to the GitHub Security tab via SARIF
and to the OpenSSF REST API for badge support.
@cwaits6
docs: add scorecard and Docker Hub docs to README
f329184
@cwaits6 cwaits6 merged commit 5b69976 into main Mar 19, 2026
@cwaits6 cwaits6 deleted the feat/scorecard-workflow branch March 19, 2026 04:10
@github-actions
Copy link

github-actions bot commented Mar 19, 2026

🎉 This PR is included in version 1.5.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cwaits6