Proposal: Improved experience for large-scale (multi-org, multi-repo) deployment of Scorecard #4339
Labels
Comments
|
This issue has been marked stale because it has been open for 60 days with no activity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
While Scorecard and the Scorecard Action are well-suited for small-scale deployments (e.g. a single repository or small group of repositories), larger organizations, enterprise administrators, and maintainers of numerous (perhaps hundreds of) repositories often struggle with deploying Scorecard at scale.
There have been individual efforts to tackle this, such as the CLI installer tool, the creation of a custom matrix strategy, and the employment of reusable workflows, but each of these have their own limitations, and don't solve the issue in a particularly elegant way.
Recently, there have been several calls for the introduction of a GitHub App to deploy Scorecard across an entire organization. There may be potential to provide similar large-scale support on GitLab via the use of Group Access Tokens.
I also raised this issue at the most recent Scorecard community meeting, and there was widespread agreement that deploying Scorecard at scale is an increasingly common use case that warrants formalized support.
Describe the solution you'd like
This should be used as the top-level tracking issue for any and all efforts related to improving the user experience for large-scale deployments of Scorecard.
Describe alternatives you've considered
As mentioned above, several alternatives currently exist, but they all present their own challenges due to a lack of centralized support in the main Scorecard project.
Additional context
Refs:
cc: @jeffmendoza @justaugustus @spencerschrock
The text was updated successfully, but these errors were encountered: