Skip to content

Workflow file for this run

name: 'Scorecard security analysis'
on:
push:
branches: ['master']
schedule:
- cron: '25 10 * * 3'
workflow_dispatch:
permissions: {}
jobs:
analyze:
name: 'Scorecard security analysis'
runs-on: 'ubuntu-latest'
permissions:
actions: 'read'
contents: 'read'
security-events: 'write'
steps:
- name: 'Checkout'
uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
- name: 'Perform security analysis'
uses: 'ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031'
with:
results_file: './results.sarif'
results_format: 'sarif'
repo_token: '${{ secrets.GITHUB_TOKEN }}'
publish_results: false
- name: 'Upload SARIF file'
uses: 'github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a'
with:
sarif_file: './results.sarif'