OSSF Scorecard
This producer component generates scorecards for projects to show how they adhere with best practices.
Read more about what it does on the OSSF homepage and GitHub repo.
How to use with Smithy
Open-Source
- Add the Helm package to the pipeline settings:
---
# file: ./my-pipeline/kustomization.yaml
components:
- pkg:helm/smithy-security-oss-components/producer-ossf-scorecard
- Configure the run parameters of the component in the pipeline run file:
# file: ./my-pipeline/pipelinerun.yaml
---
...
spec:
...
params:
- name: producer-ossf-scorecard-input-repo
value: <your repo>
- name: producer-ossf-scorecard-github-auth-token
value: <your github auth token>
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Find OSSF in the Producers dropdown.
- Configure the parameters in the form on the right
Options
You can configure this component with the following options:
| Option Name | Description | Default | Type |
|---|---|---|---|
| [Required] producer-ossf-scorecard-input-repo | The URL of the repository you want to scan | String | |
| [Required] producer-ossf-scorecard-github-auth-token | Your GitHub auth token | String |