diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 659773d..a376359 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,9 +33,9 @@ jobs: with: results_file: scorecard-results.sarif results_format: sarif - # publish_results requires a public repo; flip to true after the - # 2026-06-23 public launch. - publish_results: false + # The repo is public; publish results to the OpenSSF Scorecard API so + # the README badge resolves. + publish_results: true - name: Upload SARIF uses: github/codeql-action/upload-sarif@v4 diff --git a/README.md b/README.md index e770da1..05468cb 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@

-[![CI](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml) [![License: MIT](https://img.shields.io/badge/license-MIT-blue)](LICENSE) +[![CI](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/agentrust-io/ca2a/actions/workflows/ci.yml) [![License: MIT](https://img.shields.io/badge/license-MIT-blue)](LICENSE) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/agentrust-io/ca2a/badge)](https://scorecard.dev/viewer/?uri=github.com/agentrust-io/ca2a) > **Pre-release draft.** cA2A is a profile in active design. The delegation semantics are implemented and tested in [agent-manifest](https://github.com/agentrust-io/agent-manifest); the runtime peer path and sealed channel in this repo are under construction. See [ROADMAP.md](ROADMAP.md) and [LIMITATIONS.md](LIMITATIONS.md) for exactly what is and is not built.