Feature: Managed Github App per org instead of github action per repo #4333
Labels
kind/enhancement
New feature or request
Comments
nitrocode
changed the title
nitrocode
changed the title
|
@jeffmendoza Is this something Allstar org-level configs could help with? If you happen to use Minder, they recently added support for provisioning Scorecard: https://github.com/stacklok/minder-rules-and-profiles/blob/main/rule-types/github/scorecard_enabled.yaml EDIT: I've filed a top-level tracking issue to formalize support for large-scale use cases: #4339 |
This was referenced Sep 5, 2024
+1. This sounds like something up Allstar's alley. At least to enforce policies. I'm not sure about spitting out the raw scorecard results |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Without having to build my own app (as per docs):
Id like to setup openssf scorecards for the entire cloudposse org. To do this, I'll need to proliferate a github action per repo. There are over 500 repos. If this was an app, i could install the github app in the org, give it access to all the repos, without making a single code change.
Describe the solution you'd like
Org wide installation of a managed github app
Describe alternatives you've considered
Script to run scorecard as a scheduled cron using a PAT
Additional context
N/A
The text was updated successfully, but these errors were encountered: