File tree 2 files changed +46
-67
lines changed
2 files changed +46
-67
lines changed Original file line number Diff line number Diff line change
1
+ name : OSSF Scorecard
2
+
3
+ on :
4
+ push :
5
+ branches :
6
+ - main
7
+ schedule :
8
+ - cron : " 43 6 * * 5" # weekly at 06:43 (UTC) on Friday
9
+
10
+ permissions : read-all
11
+
12
+ jobs :
13
+ analysis :
14
+ runs-on : ubuntu-latest
15
+ permissions :
16
+ # Needed for Code scanning upload
17
+ security-events : write
18
+ # Needed for GitHub OIDC token if publish_results is true
19
+ id-token : write
20
+ steps :
21
+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
22
+ with :
23
+ persist-credentials : false
24
+
25
+ - uses : ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
26
+ with :
27
+ results_file : results.sarif
28
+ results_format : sarif
29
+ publish_results : true
30
+
31
+ # Upload the results as artifacts (optional). Commenting out will disable
32
+ # uploads of run results in SARIF format to the repository Actions tab.
33
+ # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
34
+ - name : " Upload artifact"
35
+ uses : actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
36
+ with :
37
+ name : SARIF file
38
+ path : results.sarif
39
+ retention-days : 5
40
+
41
+ # Upload the results to GitHub's code scanning dashboard (optional).
42
+ # Commenting out will disable upload of results to your repo's Code Scanning dashboard
43
+ - name : " Upload to code-scanning"
44
+ uses : github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
45
+ with :
46
+ sarif_file : results.sarif
Load Diff This file was deleted.
You can’t perform that action at this time.
0 commit comments