example workflow for scorecard

examples/pipelines/scorecard-project/kustomization.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+nameSuffix: -scorecard-project
+components:
+  - pkg:helm/smithy-security-oss-components/base
+  - components/producers/ossf-scorecard
+  - pkg:helm/smithy-security-oss-components/producer-aggregator
+  - pkg:helm/smithy-security-oss-components/enricher-custom-annotation
+  - pkg:helm/smithy-security-oss-components/enricher-aggregator
+  - pkg:helm/smithy-security-oss-components/consumer-stdout-json

examples/pipelines/scorecard-project/pipelinerun.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: smithy-scorecard-project-
+spec:
+  pipelineRef:
+    name: smithy-scorecard-project
+  params:
+  - name: producer-ossf-scorecard-input-repo
+    value: https://github.com/smithy-security/smithy
+  - name: producer-ossf-scorecard-github-auth-token
+    value: $github-auth-token-permissions-to-read-repos
+  - name: enricher-custom-annotation-base-annotation
+    value: '{"foo":"bar","a":"b","1":"2"}'
+  workspaces:
+  - name: output
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi