Add docs for API

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
ossf · Sep 1, 2022 · 2d123dd · 2d123dd
1 parent 9b15950
commit 2d123dd
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -26,6 +26,7 @@ ________
 - [Workflow Setup](#workflow-setup)
 
 [View Results](#view-results)
+- [REST API](#rest-api)
 - [Scorecard Badge](#scorecard-badge)
 - [Code Scanning Alerts](#code-scanning-alerts)
 - [Verify Runs](#verify-runs)
@@ -110,9 +111,12 @@ Then click "Add More Scanning Tools."
 
 The workflow is preconfigured to run on every repository contribution. After making a code change, you can view the results for the change either through the Scorecard Badge, Code Scanning Alerts or GitHub Workflow Runs.
 
+### REST API
+Starting with scorecard-action:v2, users can use a REST API to query their latest run results. This requires setting [`publish_results: true`](https://github.com/ossf/scorecard/blob/d13ba3f3355b958d5d62edc47282a2e7ed9fa7c1/.github/workflows/scorecard-analysis.yml#L39) for the action and enabling [`id-token: write`](https://github.com/ossf/scorecard/blob/d13ba3f3355b958d5d62edc47282a2e7ed9fa7c1/.github/workflows/scorecard-analysis.yml#L22) permission for the job (needed to access GitHub OIDC token). The API is available here: https://api.securityscorecards.dev. 
+
 ### Scorecard Badge
 
-Starting with scorecard-action:v2, users can add a Scorecard Badge to their README to display the latest status of their Scorecard results. This requires setting `publish_results: true` for the action and enabling `id-token: write` permission for the job (needed to access GitHub OIDC token). The badge is updated on every run of scorecard-action and points to the latest result. To add a badge to your README, copy and paste the below lines:
+Starting with scorecard-action:v2, users can add a Scorecard Badge to their README to display the latest status of their Scorecard results. This requires setting [`publish_results: true`](https://github.com/ossf/scorecard/blob/d13ba3f3355b958d5d62edc47282a2e7ed9fa7c1/.github/workflows/scorecard-analysis.yml#L39) for the action and enabling [`id-token: write`](https://github.com/ossf/scorecard/blob/d13ba3f3355b958d5d62edc47282a2e7ed9fa7c1/.github/workflows/scorecard-analysis.yml#L22) permission for the job (needed to access GitHub OIDC token). The badge is updated on every run of scorecard-action and points to the latest result. To add a badge to your README, copy and paste the below lines:
 
 ```
 [![OpenSSF Scorecard]