lelia

Hey @Asmit2952 are you still planning on working on this? If not, feel free to un-assign yourself so anyone can claim it!

All good, @Asmit2952! No worries in that case 😄 Take your time and good luck with exams! 🤞

> https://docs.github.com/en/actions/creating-actions/creating-a-composite-action I'd definitely be in support of this!

> [@ahpook](https://github.com/ahpook) I like this. > > I agree, by default an output variable of `json`. If a repo can offer other formats, make them available as an output (e.g.,...

From a UX perspective, I think the sheer fact that "Dangerous Workflow" is currently the _only_ category classed as "Critical" combined with the fact that the default webapp sort view...

> It's just a shame scorecard-action cannot be centrally run via a github App; no one sane wants to make workflow commits to 900+ repos and all the wonderful automated...

This issue was discussed in this week's community meeting, there is agreement that probes would be an appropriate place to address this, but concerns about achieving parity will require multiple...

> Having a SECURITY.md is a well known convention. If we start parsing the README, my thoughts go to detection mechanisms and false positives. I agree with this. The extent...

> @crtrott This is a known limitation with GitHub's classic branch protection, and something that is documented here: https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional > > While you can make either a classic PAT, or...

Hi @Jordin221, could you clarify what the desired formatting would be — something like this? ----- Scorecard can run using just one argument, the URL of the target repo: `scorecard...