You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -110,6 +110,9 @@ Then click "Add More Scanning Tools."
The workflow is preconfigured to run on every repository contribution. After making a code change, you can view the results for the change either through the Scorecard Badge, Code Scanning Alerts or GitHub Workflow Runs.
### REST API
Starting with scorecard-action:v2, users can use a REST API to query their latest run results. This requires setting `publish_results: true` for the action and enabling `id-token: write` permission for the job (needed to access GitHub OIDC token). The API is available here: https://api.securityscorecards.dev.
### Scorecard Badge
Starting with scorecard-action:v2, users can add a Scorecard Badge to their README to display the latest status of their Scorecard results. This requires setting `publish_results: true` for the action and enabling `id-token: write` permission for the job (needed to access GitHub OIDC token). The badge is updated on every run of scorecard-action and points to the latest result. To add a badge to your README, copy and paste the below lines:
