From fba5ecf0bb6ac027f7840e76c8666f14b4976e99 Mon Sep 17 00:00:00 2001 From: Imran Siddique Date: Wed, 1 Jul 2026 13:52:21 -0700 Subject: [PATCH] chore: enable Scorecard publishing now that the repo is public The repo is public. Flip scorecard publish_results to true so results post to the OpenSSF Scorecard API, and add the Scorecard badge to the README. Closes #19 Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/scorecard.yml | 6 +++--- README.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 659773d..a376359 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,9 +33,9 @@ jobs: with: results_file: scorecard-results.sarif results_format: sarif - # publish_results requires a public repo; flip to true after the - # 2026-06-23 public launch. - publish_results: false + # The repo is public; publish results to the OpenSSF Scorecard API so + # the README badge resolves. + publish_results: true - name: Upload SARIF uses: github/codeql-action/upload-sarif@v4 diff --git a/README.md b/README.md index e770da1..05468cb 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@

-[![CI](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml) [![License: MIT](https://img.shields.io/badge/license-MIT-blue)](LICENSE) +[![CI](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml) [![License: MIT](https://img.shields.io/badge/license-MIT-blue)](LICENSE) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/agentrust-io/ca2a/badge)](https://scorecard.dev/viewer/?uri=github.com/agentrust-io/ca2a) > **Pre-release draft.** cA2A is a profile in active design. The delegation semantics are implemented and tested in [agent-manifest](https://github.com/agentrust-io/agent-manifest); the runtime peer path and sealed channel in this repo are under construction. See [ROADMAP.md](ROADMAP.md) and [LIMITATIONS.md](LIMITATIONS.md) for exactly what is and is not built.