Skip to content

Commit a002868

Browse files
justaugustusjustaugustus
committed
cmd/multi-scorecard: Update installation command and tool history
Signed-off-by: Stephen Augustus <[email protected]>
1 parent f2e1f6b commit a002868

File tree

1 file changed

+16
-15
lines changed

1 file changed

+16
-15
lines changed

cmd/multi-scorecard/README.md

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,29 +1,30 @@
1-
# Multi Scorecard
1+
# `multi-scorecard`
22

3-
This program runs [OpenSSF Scorecard](https://github.com/ossf/scorecard) over
4-
many repositories using a [GitHub
5-
App](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps)
6-
credential. GitHub is queried to determine the orgs and repos the app is
7-
installed on to determine which repos to run Scorecard over. Results are
8-
printed to stdout in a JSON array.
3+
This program runs OpenSSF Scorecard over many repositories using a [GitHub App](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps) credential.
4+
GitHub is queried to determine the orgs and repos the app is installed on to determine which repos to run Scorecard over.
5+
6+
Results are printed to stdout in a JSON array.
7+
8+
*`multi-scorecard` was originally featured as part of [Jeff Mendoza](https://github.com/jeffmendoza) and [Stephen Augustus](https://github.com/justaugustus)' SOSS Fusion talk, "Scorecard at Scale: Old and New Possibilities for Lifting Security on All Repositories".*
9+
10+
- [Session page with slides](https://sched.co/1hcPq)
11+
- [Session recording](https://youtu.be/-XZqbO3hGcw?si=eGicz0sjgiIRhol4)
12+
- [Previous source repository](https://github.com/jeffmendoza/multi-scorecard)
913

1014
## Usage
1115

12-
A [GitHub
13-
App](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps)
14-
must be created and installed on the repositories you wish to scan.
16+
A [GitHub App](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps) must be created and installed on the repositories you wish to scan.
1517

1618
To install:
1719

18-
```
19-
go get github.com/jeffmendoza/multi-scorecard@latest
20+
```console
21+
go get github.com/ossf/scorecard/cmd/multi-scorecard@multi-scorecard
2022
```
2123

2224
To run:
2325

24-
```
26+
```console
2527
multi-scorecard -appid 1234 -keyfile my-app.private-key.pem > results.json
2628
```
2729

28-
Where `1234` is the App ID of the app, and `my-app.private-key.pem` is the
29-
private key file of the app.
30+
Where `1234` is the App ID of the app, and `my-app.private-key.pem` is the private key file of the app.

0 commit comments

Comments
 (0)