Skip to content

Scorecard security analysis #658

Scorecard security analysis

Scorecard security analysis #658

Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Scorecard security analysis"
on:
push:
branches: ["master"]
schedule:
- cron: "25 10 * * 3"
workflow_dispatch:
permissions: {}
jobs:
analyze:
name: "Scorecard security analysis"
runs-on: "ubuntu-latest"
permissions:
actions: "read"
contents: "read"
security-events: "write"
steps:
- name: "Checkout"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683"
- name: "Perform security analysis"
uses: "ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46"
with:
results_file: "./results.sarif"
results_format: "sarif"
repo_token: "${{ secrets.GITHUB_TOKEN }}"
publish_results: false
- name: "Upload SARIF file"
uses: "github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd"
with:
sarif_file: "./results.sarif"