This tool will add the OpenSSF's Scorecard workflow to all accessible repositories under a given organization. A PR will be created so that owners can decide whether or not they want to include the workflow.
Running this tool requires three parameters, which are defined at the top of org-workflow-add.go:
- ORG_NAME - the name of the organization for which the workflow should be enabled.
- PAT - a Personal Access Token with the following scopes:
repo > public_repoadmin:org > read:org
- REPO_LIST (OPTIONAL) - repository names under the organization that the workflow should be added to. If not provided, every repository will be updated.
Another PAT should also be defined inside of scorecards.yml using steps defined in scorecard-action.
Execute this process by running go run org-workflow-add.go in the command line. Output will be produced for each successfully updated repository.