Skip to content

feat: adds query and compute modes to scorecard certifer #2791

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: adds query and compute modes to scorecard certifer #2791

wants to merge 1 commit into from

Conversation

@gaganhr94
Copy link

@gaganhr94 gaganhr94 commented Oct 8, 2025
edited
Loading

Description of the PR

This PR adds an API-based scorecard fetcher as an alternative to local scorecard execution, solving GitHub rate limiting issues for large-scale GUAC deployments. New API fetcher uses OpenSSF Scorecard REST API instead of using the scorecard package. Added --scorecard-fetcher-type flag to choose between "api" (default) or "local". API fetcher requires no GitHub tokens, thus eliminating the GitHub rate limiting issues.

Fixes #2783

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If GraphQL schema is changed, GraphQL client updates/additions have been made
  • If OpenAPI spec is changed, make generate has been run
  • If ent schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

@gaganhr94 gaganhr94 requested a review from jeffmendoza as a code owner October 8, 2025 13:36
@gaganhr94 gaganhr94 force-pushed the feat/scorecard-modifications branch from 1940fae to 088747d Compare October 8, 2025 13:39
@funnelfiasco funnelfiasco mentioned this pull request Oct 8, 2025
Open
@gaganhr94 gaganhr94 force-pushed the feat/scorecard-modifications branch 2 times, most recently from 3abf768 to 5b59806 Compare October 9, 2025 18:18
@gaganhr94
Copy link
Author

gaganhr94 commented Oct 10, 2025

Hi, could someone please rerun the workflow which has failed? It seems to have failed due to something unrelated to our changes.

@gaganhr94 @kpauljoseph
@Jayashree138 @ANIRUDH-333 @himasree424
feat: adds query and compute modes to scorecard certifer
e34752f 
Co-authored-by: Paul Joseph <[email protected]>
Co-authored-by: Jayashree O <[email protected]>
Co-authored-by: Anirudh Edpuganti <[email protected]>
Co-authored-by: N Hima Sree <[email protected]>
Signed-off-by: Gagan H R <[email protected]>
@kpauljoseph kpauljoseph force-pushed the feat/scorecard-modifications branch from 5b59806 to e34752f Compare October 13, 2025 05:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza jeffmendoza is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[feature] Add API-based scorecard fetcher as an alternative to existing scorecard certifier

1 participant

@gaganhr94