> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Status badge

> Embed a Pipefort security-status badge in any public repository's README.

Pipefort serves an embeddable SVG status badge for any **public GitHub
repository** that has been scanned by the [public scanner](/webapp/public-scan).
Drop it into a README to show the repo's current CI/CD security posture at a
glance — the same way projects display build or coverage badges.

## Add the badge

Use Markdown in your README (replace `owner/repo`):

```markdown theme={null}
[![Pipefort](https://pipefort.com/api/badge/owner/repo.svg)](https://pipefort.com/?repo=owner/repo)
```

The image is the badge; the link sends visitors to Pipefort with the repo
pre-filled so they can run their own scan in one click.

## What it shows

The badge reflects the repository's most recent public scan:

| State                    | Color  | Example                  |
| ------------------------ | ------ | ------------------------ |
| High-severity findings   | red    | `pipefort · 3 high`      |
| Medium-severity findings | orange | `pipefort · 2 medium`    |
| Low / info findings      | yellow | `pipefort · 4 low`       |
| No findings              | green  | `pipefort · secured`     |
| Never scanned            | grey   | `pipefort · not scanned` |

Worst severity present wins. A grey **not scanned** badge means no public scan
exists yet for that repo — run one from [pipefort.com](https://pipefort.com) (or
the pre-filled link above) and the badge fills in.

## Endpoint

```
GET https://pipefort.com/api/badge/{owner}/{repo}
```

The `.svg` suffix is optional (`/api/badge/owner/repo` and
`/api/badge/owner/repo.svg` are equivalent). The endpoint is unauthenticated,
reads only public-scan data, and always returns a valid SVG — even for an
unknown or invalid repository — so it never renders as a broken image.

## Freshness

The badge tracks the latest public scan (within the 90-day retention window).
GitHub proxies README images through its Camo cache, which caches aggressively,
so after a new scan the badge in a README typically updates on the order of
hours rather than instantly.
