ossf
Donate `scorecard-azure-pipelines-task`
Azure DevOps has an integrated CI/CD system called Azure Pipelines, similar to GitHub Actions. As with GitHub Actions, you can create your own custom Azure Pipelines tasks. I created scorecard-azure-pipelines-task as a custom Azure Pipelines task to enable users to easily run Scorecard against their Azure DevOps repositories, now that #4177 is largely complete. This will enable a similar experience to the existing ossf/scorecard-action on GitHub Actions.
Azure DevOps also has support for uploading SARIF files to create alerts, and I think publishing a Scorecard Azure Pipelines task will allow users to more easily integrate Scorecard feedback into normal development workflow.
This was discussed at the APAC Scorecard project meeting on February 6th, 2025, and the suggestion seemed to be generally supported, provided I agree to continue maintaining the task -- which I do.
What are the next steps?
@JamieMagee — thanks again for your work here! I'm in favor of the donation, presuming we can have your support in continuing to maintain the repository.
FYI @GeauxJD @ossf/scorecard-admins
This issue has been marked stale because it has been open for 60 days with no activity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}