Can I use OpenSSF Scorecard as a CLI?

Yes. KosmoKrator exposes a OpenSSF Scorecard CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose OpenSSF Scorecard through MCP?

Yes. The KosmoKrator MCP gateway can expose selected OpenSSF Scorecard tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are OpenSSF Scorecard credentials stored?

OpenSSF Scorecard credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for OpenSSF Scorecard MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

data

OpenSSF Scorecard CLI for AI Agents

Use the OpenSSF Scorecard CLI from KosmoKrator to call OpenSSF Scorecard tools headlessly, return JSON, inspect schemas, and automate workflows from coding agents, scripts, and CI.

OpenSSF Scorecard CLI Setup

OpenSSF Scorecard can be configured headlessly with `kosmokrator integrations:configure openssf-scorecard`.

Install, configure, and verify

# Install KosmoKrator first if it is not available on PATH.
curl -fsSL https://raw.githubusercontent.com/OpenCompanyApp/kosmokrator/main/install.sh | bash

# Configure and verify this integration.
kosmokrator integrations:configure openssf-scorecard --enable --read allow --write ask --json
kosmokrator integrations:doctor openssf-scorecard --json
kosmokrator integrations:status --json

Credentials

Authentication type: No credentials none. Configure credentials once, then reuse the same stored profile from scripts, coding CLIs, Lua, and MCP.

No credentials are required.

Command Patterns

The generic command is stable across every integration. The provider shortcut is shorter for humans.

Generic CLI call

kosmo integrations:call openssf-scorecard.openssf_scorecard_result '{}' --json

Provider shortcut

kosmo integrations:openssf-scorecard openssf_scorecard_result '{}' --json

Discovery

These commands return structured output for coding agents that need to inspect capabilities before choosing a function.

Discovery commands

kosmo integrations:docs openssf-scorecard --json
kosmo integrations:docs openssf-scorecard.openssf_scorecard_result --json
kosmo integrations:schema openssf-scorecard.openssf_scorecard_result --json
kosmo integrations:search "OpenSSF Scorecard" --json
kosmo integrations:list --json

Automation Contexts

The same configured command surface works in these environments. The command does not change unless the host wrapper, credentials, or permissions change.

CI Run integration calls from CI jobs with JSON output, explicit credentials, and predictable exit status. Cron Jobs Schedule repeatable integration workflows from cron while keeping credentials in KosmoKrator config. Shell Scripts Call integration functions from shell scripts with stable JSON input and output. Headless Automation Use KosmoKrator as a non-interactive integration runtime for local automations and wrappers. Coding Agents Let coding agents discover schemas and execute integration functions through CLI commands or MCP.

CLI Functions

Every function below can be called headlessly. Commands are highlighted, copyable, and scroll horizontally when payloads are long.

`openssf-scorecard.openssf_scorecard_result`

Retrieve a published repository Scorecard result.

Read read

Parameters: none

Generic call

kosmo integrations:call openssf-scorecard.openssf_scorecard_result '{}' --json

Shortcut

kosmo integrations:openssf-scorecard openssf_scorecard_result '{}' --json

`openssf-scorecard.openssf_scorecard_check`

Retrieve one check from a published Scorecard result.

Read read

Parameters: none

Generic call

kosmo integrations:call openssf-scorecard.openssf_scorecard_check '{}' --json

Shortcut

kosmo integrations:openssf-scorecard openssf_scorecard_check '{}' --json

`openssf-scorecard.openssf_scorecard_badge`

Retrieve the OpenSSF Scorecard badge SVG.

Read read

Parameters: none

Generic call

kosmo integrations:call openssf-scorecard.openssf_scorecard_badge '{}' --json

Shortcut

kosmo integrations:openssf-scorecard openssf_scorecard_badge '{}' --json

`openssf-scorecard.openssf_scorecard_viewer_url`

Build the public Scorecard viewer URL for a repository.

Read read

Parameters: none

Generic call

kosmo integrations:call openssf-scorecard.openssf_scorecard_viewer_url '{}' --json

Shortcut

kosmo integrations:openssf-scorecard openssf_scorecard_viewer_url '{}' --json

Function Schemas

Use these parameter tables when building CLI payloads without calling integrations:schema first.

openssf-scorecard.openssf_scorecard_result 0 parameters

Schema command

kosmo integrations:schema openssf-scorecard.openssf_scorecard_result --json

Parameter	Type	Required	Description
No parameters.

openssf-scorecard.openssf_scorecard_check 0 parameters

Schema command

kosmo integrations:schema openssf-scorecard.openssf_scorecard_check --json

Parameter	Type	Required	Description
No parameters.

openssf-scorecard.openssf_scorecard_badge 0 parameters

Schema command

kosmo integrations:schema openssf-scorecard.openssf_scorecard_badge --json

Parameter	Type	Required	Description
No parameters.

openssf-scorecard.openssf_scorecard_viewer_url 0 parameters

Schema command

kosmo integrations:schema openssf-scorecard.openssf_scorecard_viewer_url --json

Parameter	Type	Required	Description
No parameters.

Permissions

Headless calls still follow the integration read/write permission policy. Configure read/write defaults with integrations:configure. Add --force only for trusted automation that should bypass that policy.