mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
Update README.md (#888)
This commit is contained in:
parent
aea12496c5
commit
27c5821764
73
README.md
73
README.md
@ -11,11 +11,11 @@
|
||||
* [Goals](#goals)
|
||||
* [Scorecard Checks](#scorecard-checks)
|
||||
* [Usage](#usage)
|
||||
* [Authentication](#authentication)
|
||||
* [Docker](#docker)
|
||||
* [Using repository URL](#using-repository-url)
|
||||
* [Using a Package manager](#using-a-package-manager)
|
||||
* [Running specific checks](#running-specific-checks)
|
||||
* [Authentication](#authentication)
|
||||
* [Understanding Scorecard results](#understanding-scorecard-results)
|
||||
* [Formatting Results](#formatting-results)
|
||||
* [Public Data](#public-data)
|
||||
@ -67,6 +67,42 @@ the [checks documentation page](docs/checks.md).
|
||||
|
||||
## Usage
|
||||
|
||||
### Authentication
|
||||
|
||||
Before running Scorecard, you need to, either:
|
||||
|
||||
- [create a GitHub access token](https://docs.github.com/en/free-pro-team@latest/developers/apps/about-apps#personal-access-tokens)
|
||||
and set it in an environment variable called `GITHUB_AUTH_TOKEN`,
|
||||
`GITHUB_TOKEN`, `GH_AUTH_TOKEN` or `GH_TOKEN`. This helps to avoid the
|
||||
GitHub's [api rate limits](https://developer.github.com/v3/#rate-limiting)
|
||||
with unauthenticated requests.
|
||||
|
||||
```shell
|
||||
# For posix platforms, e.g. linux, mac:
|
||||
export GITHUB_AUTH_TOKEN=<your access token>
|
||||
# Multiple tokens can be provided separated by comma to be utilized
|
||||
# in a round robin fashion.
|
||||
export GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
|
||||
|
||||
# For windows:
|
||||
set GITHUB_AUTH_TOKEN=<your access token>
|
||||
set GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
|
||||
```
|
||||
|
||||
- create a GitHub App Installations for higher rate-limit quotas. If you have
|
||||
an installed GitHub App and key file, you can use these three environment
|
||||
variables, following the commands shown above for your platform.
|
||||
|
||||
```
|
||||
GITHUB_APP_KEY_PATH=<path to the key file on disk>
|
||||
GITHUB_APP_INSTALLATION_ID=<installation id>
|
||||
GITHUB_APP_ID=<app id>
|
||||
```
|
||||
|
||||
These can be obtained from the GitHub
|
||||
[developer settings](https://github.com/settings/apps) page.
|
||||
|
||||
|
||||
### Docker
|
||||
|
||||
`scorecard` is available as a Docker container:
|
||||
@ -220,41 +256,6 @@ names.
|
||||
|
||||
For example, `--checks=CI-Tests,Code-Review`.
|
||||
|
||||
### Authentication
|
||||
|
||||
Before running Scorecard, you need to, either:
|
||||
|
||||
- [create a GitHub access token](https://docs.github.com/en/free-pro-team@latest/developers/apps/about-apps#personal-access-tokens)
|
||||
and set it in an environment variable called `GITHUB_AUTH_TOKEN`,
|
||||
`GITHUB_TOKEN`, `GH_AUTH_TOKEN` or `GH_TOKEN`. This helps to avoid the
|
||||
GitHub's [api rate limits](https://developer.github.com/v3/#rate-limiting)
|
||||
with unauthenticated requests.
|
||||
|
||||
```shell
|
||||
# For posix platforms, e.g. linux, mac:
|
||||
export GITHUB_AUTH_TOKEN=<your access token>
|
||||
# Multiple tokens can be provided separated by comma to be utilized
|
||||
# in a round robin fashion.
|
||||
export GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
|
||||
|
||||
# For windows:
|
||||
set GITHUB_AUTH_TOKEN=<your access token>
|
||||
set GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
|
||||
```
|
||||
|
||||
- create a GitHub App Installations for higher rate-limit quotas. If you have
|
||||
an installed GitHub App and key file, you can use these three environment
|
||||
variables, following the commands shown above for your platform.
|
||||
|
||||
```
|
||||
GITHUB_APP_KEY_PATH=<path to the key file on disk>
|
||||
GITHUB_APP_INSTALLATION_ID=<installation id>
|
||||
GITHUB_APP_ID=<app id>
|
||||
```
|
||||
|
||||
These can be obtained from the GitHub
|
||||
[developer settings](https://github.com/settings/apps) page.
|
||||
|
||||
### Understanding Scorecard results
|
||||
|
||||
Each check returns a **Pass / Fail** decision, as well as a confidence score
|
||||
|
Loading…
Reference in New Issue
Block a user