Skip to content

ci: Add scorecard-monitor integration with Allstar results#78

Merged
justaugustus merged 2 commits intomainfrom
allstar-scorecard-monitor-integration
Mar 28, 2026
Merged

ci: Add scorecard-monitor integration with Allstar results#78
justaugustus merged 2 commits intomainfrom
allstar-scorecard-monitor-integration

Conversation

@justaugustus
Copy link
Copy Markdown
Member

@justaugustus justaugustus commented Mar 28, 2026

Summary

Update the Allstar workflow to produce a Scorecard results file and feed it into scorecard-monitor for dashboard reporting via PR.

Changes

  • Allstar ref updated from evidence-upload to results-json-output (adds -results-file flag)
  • Allstar run produces results.json (Scorecard JSON v2 format) as an artifact
  • New monitor job runs scorecard-monitor with results-path input to consume the results
  • Uses peter-evans/create-pull-request for human review of report updates

Related PRs

Test plan

  • Merge and trigger via workflow_dispatch
  • Verify scan job produces results.json artifact
  • Verify monitor job creates a PR with scorecard-report.md

🤖 Generated with Claude Code

@justaugustus @claude
ci: add scorecard-monitor integration with results file
7d233ae 
Update the Allstar workflow to:
- Use the results-json-output branch (includes SARIF upload +
  results file output)
- Pass -results-file to produce Scorecard JSON v2 output
- Add a monitor job that feeds the results into scorecard-monitor
  for dashboard reporting
- Use peter-evans/create-pull-request for human review of report
  updates (matching bloomberg/.github pattern)

The monitor job uses scorecard-monitor's results-path input
(ossf/scorecard-monitor#90) to consume Allstar's output and
generate a Markdown report with score history.

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@kusari-inspector
Copy link
Copy Markdown

kusari-inspector bot commented Mar 28, 2026

⚠️ Workspace Mapping Required

Hello! We noticed that your GitHub organization is not yet mapped to a Kusari workspace. Kusari Inspector now requires installations to be associated with a Kusari workspace.

⚠️ NOTE: Only the admin who installed the Kusari GitHub App can complete these steps. If the admin is unable to complete these steps, please contact support@kusari.dev

To complete the setup:

  1. Visit https://console.us.kusari.cloud/auth/github and log in via github
  2. If you have only one workspace, it will be automatically selected for you
  3. Once the mapping is complete, return here and create a new comment with: @kusari-inspector re-run

This will trigger the analysis to run again.

For more information, or if you need help, visit https://github.com/kusaridev/community/discussions

justaugustus
justaugustus commented Mar 28, 2026
View reviewed changes
justaugustus
justaugustus commented Mar 28, 2026
View reviewed changes
@justaugustus
Apply suggestions from code review
f49a899 
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
Signed-off-by: Stephen Augustus <justaugustus@users.noreply.github.com>
@kusari-inspector
Copy link
Copy Markdown

kusari-inspector bot commented Mar 28, 2026

⚠️ Workspace Mapping Required

Hello! We noticed that your GitHub organization is not yet mapped to a Kusari workspace. Kusari Inspector now requires installations to be associated with a Kusari workspace.

⚠️ NOTE: Only the admin who installed the Kusari GitHub App can complete these steps. If the admin is unable to complete these steps, please contact support@kusari.dev

To complete the setup:

  1. Visit https://console.us.kusari.cloud/auth/github and log in via github
  2. If you have only one workspace, it will be automatically selected for you
  3. Once the mapping is complete, return here and create a new comment with: @kusari-inspector re-run

This will trigger the analysis to run again.

For more information, or if you need help, visit https://github.com/kusaridev/community/discussions

@justaugustus justaugustus changed the title ci: add scorecard-monitor integration with Allstar results ci: Add scorecard-monitor integration with Allstar results Mar 28, 2026
@justaugustus justaugustus merged commit 8954ece into main Mar 28, 2026
1 check passed
@justaugustus justaugustus deleted the allstar-scorecard-monitor-integration branch March 28, 2026 11:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@justaugustus