Skip to content

Instantly share code, notes, and snippets.

@jspeed-meyers
Last active July 6, 2022 00:58
Show Gist options
  • Save jspeed-meyers/d1aba58f84b7d64843637c82021a9d08 to your computer and use it in GitHub Desktop.
Save jspeed-meyers/d1aba58f84b7d64843637c82021a9d08 to your computer and use it in GitHub Desktop.
Run ossf/scorecard on multiple repos and output results to different json files
#!/bin/bash
# scoredeck.sh
# Collect scorecard data from a set of repos listed in repos.txt
# and store in files inside a data folder
#
# Usage:
# $ ./scoredeck.sh
#
# Requires GITHUB_AUTH_TOKEN to be set to a valid GitHub personal access
# token.
#
# $ export GITHUB_AUTH_TOKEN=fldkjfldkjflkdjflkjdlkfjdkl
#
# Input data comes from a file named repos.txt
# Each repo is stored on a separate line
# The last line in the file should be empty
#
# Output data for each repo is stored in a separate, individual json file.
echo "Scoredeck script is running."
echo ""
# a loop through the repos listed in repos.txt
while read name
do
# remove slashes from github repo name to make naming files without
# errors possible
output_filename=$(echo $name | sed 's#/#-#g')
echo "Scanning ${name}"
# read in GitHub personal access token set in environment variable
GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN:-default} \
scorecard --repo="$name" \
--format="json" > "data/${output_filename}.json" # output json to a file
done < repos.txt # read in repos.txt file line-by-line
echo ""
echo "Scoredeck script has completed."
echo ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment