lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub. They are provided
2+ # by a third-party and are governed by separate terms of service, privacy
3+ # policy, and support documentation.
4+
5+ name : Scorecard supply-chain security
6+ on :
7+ # For Branch-Protection check. Only the default branch is supported. See
8+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
9+ branch_protection_rule :
10+ # To guarantee Maintained check is occasionally updated. See
11+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
12+ schedule :
13+ - cron : " 44 15 * * 0"
14+ push :
15+ branches : [ "main" ]
16+ pull_request :
17+ branches : [ "main" ]
18+
19+ # Declare default permissions as read only.
20+ permissions : read-all
21+
22+ jobs :
23+ analysis :
24+ name : Scorecard analysis
25+ runs-on : ubuntu-latest
26+ permissions :
27+ # Needed to upload the results to code-scanning dashboard.
28+ security-events : write
29+ # Needed to publish results and get a badge (see publish_results below).
30+ id-token : write
31+
32+ steps :
33+ - name : " Checkout code"
34+ uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
35+ with :
36+ persist-credentials : false
37+
38+ - name : " Run analysis"
39+ uses : ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
40+ with :
41+ results_file : results.sarif
42+ results_format : sarif
43+ publish_results : true
44+
45+ - name : " Upload artifact"
46+ uses : actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
47+ with :
48+ name : SARIF file
49+ path : results.sarif
50+ retention-days : 5
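Review bot: In the job-level `permissions` block, `security-events: write` is granted with a comment saying it is needed to upload results to the code-scanning dashboard, but no step in the job performs that upload — the SARIF file is only stored as a workflow artifact — so the write grant is unused and, on least-privilege grounds, the two lines `# Needed to upload the results to code-scanning dashboard.` and `security-events : write` should be dropped. If the dashboard integration is what is intended, add instead a step after the artifact upload that calls `github/codeql-action/upload-sarif` with `sarif_file: results.sarif`, pinned to a full commit SHA with a version comment the way the other three actions are. Separately, the `pull_request` trigger is not part of the upstream Scorecard starter template; for pull requests opened from forks GITHUB_TOKEN is read-only and no OIDC token is issued, so `publish_results: true` (and any code-scanning upload) would likely fail on those runs — consider removing that trigger or confirming the behaviour against the scorecard-action documentation.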