# Project 15

## Brief recommendation for boss

> Is the CICD viable for this purpose?


Yes, but they can't see the problem details (as they are displayed only in Reunite).

> How would credentials be transmitted to the contractor?


Share them in an encrypted message.

> Is that secure?


No, there are no scopes for the API keys. They can inject users via SCIM into our organization.

> Do you see any potential pitfalls?


No scopes on the API key is a pitfall.

## What made you smile?

- Use of a prefix for created branches to avoid name clashes
- CICD works smoothly except for merging PRs with broken checks
- Setup is easy and clear enough for a developer


## What did you find confusing?

- There should be no warning for an internal repo, especially with "Unknown" as the source.
- It would be good to generate the API key inline.
- A "Copied" tooltip and icon change would be nice for the API key.
- Copy button for variable name would be nice.
- Copy code button could also be inline in the guide block.
- "Copy the code sample to the created file." is weird. What is "code sample"? It should be "Copy the pipeline code on the left".
- Points 3 and 4 are in the wrong order. You should first copy the code and then create the file.
- Scorecard failed status could be in red in push action logs.
- There is scorecard output in push but not link checker.
- On the deploys page, it should show failed check labels.
- We didn't expect automerge when there are failed checks (lint).
- The major problem is no scopes for API keys.