Skip to content

Commit 42b3b08

Browse files
Merge branch 'eclipse-wakaama:main' into gardena/rs/upstream/openssf-best-practices
2 parents e1b4833 + 04b826a commit 42b3b08

File tree

2 files changed

+60
-0
lines changed

2 files changed

+60
-0
lines changed

.github/workflows/scorecard.yml

+58
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
name: Scorecard supply-chain security
2+
on:
3+
# For Branch-Protection check. Only the default branch is supported. See
4+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
5+
branch_protection_rule:
6+
# To guarantee Maintained check is occasionally updated. See
7+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
8+
schedule:
9+
- cron: '30 4 * * 0'
10+
push:
11+
branches:
12+
- gardena/rs/upstream/run-openssf-score-card
13+
- main
14+
15+
permissions: read-all
16+
17+
jobs:
18+
analysis:
19+
name: Scorecard analysis
20+
runs-on: ubuntu-latest
21+
permissions:
22+
# Needed to upload the results to code-scanning dashboard.
23+
security-events: write
24+
# Needed to publish results and get a badge (see publish_results below).
25+
id-token: write
26+
27+
steps:
28+
- name: "Checkout code"
29+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
30+
with:
31+
persist-credentials: false
32+
33+
- name: "Run analysis"
34+
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
35+
with:
36+
results_file: results.sarif
37+
results_format: sarif
38+
# - Publish results to OpenSSF REST API for easy access by consumers
39+
# - Allows the repository to include the Scorecard badge.
40+
# - See https://github.com/ossf/scorecard-action#publishing-results.
41+
publish_results: true
42+
43+
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
44+
# format to the repository Actions tab.
45+
- name: "Upload artifact"
46+
uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
47+
with:
48+
name: SARIF file
49+
path: results.sarif
50+
retention-days: 5
51+
52+
# Upload the results to GitHub's code scanning dashboard (optional).
53+
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
54+
- name: "Upload to code-scanning"
55+
uses: github/codeql-action/upload-sarif@v3
56+
with:
57+
sarif_file: results.sarif
58+

README.md

+2
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@
33
[![Build](https://github.com/eclipse/wakaama/actions/workflows/build_and_test.yaml/badge.svg)](https://github.com/eclipse/wakaama/actions/workflows/build_and_test.yaml)
44
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9686/badge)](https://www.bestpractices.dev/projects/9686)
55

6+
[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/eclipse-wakaama/wakaama/badge)](https://scorecard.dev/viewer/?uri=github.com/eclipse-wakaama/wakaama)
7+
68
Wakaama (formerly liblwm2m) is an implementation of the Open Mobile Alliance's LightWeight M2M
79
protocol (LWM2M).
810

0 commit comments

Comments
 (0)