A tool to download and process OpenSSF Scorecard data for GitHub repositories.
Scorecard Downloader is a command-line tool that allows you to download and process OpenSSF Scorecard data for specified GitHub repositories. It can handle multiple repositories at once and saves the results in a JSON file. The tool uses the deps.dev API to convert Package URLs (pURLs) to GitHub URLs before downloading the Scorecard data. It also supports using BigQuery to download the Scorecard data.
go get github.com/bitbomdev/scorecard-downloaderscorecard-downloader [global options] command [command options] [arguments...]--purls value: PURLs of the repositories to process (can be specified multiple times)--purls-file value: File containing PURLs, one per line--output value: Output file name (default: "results.json")--use-bigquery: Use BigQuery instead of the Scorecard API--credentials-file value: Path to the BigQuery credentials file--help, -h: Show help
Process repositories specified directly:
scorecard-downloader --purls pkg:github/kubernetes/kubernetes --purls pkg:github/golang/goProcess repositories from a file:
scorecard-downloader --purls-file repos.txtSpecify custom output file:
scorecard-downloader --purls pkg:github/kubernetes/kubernetes --output custom_results.jsonUse BigQuery with a credentials file:
scorecard-downloader --purls pkg:github/kubernetes/kubernetes --use-bigquery --credentials-file path/to/credentials.jsonThe tool saves the processed Scorecard data in a JSON file. By default, the output file is named results.json, but you can specify a custom name using the --output option.