@@ -40,35 +40,16 @@ jobs:
4040 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4141 with :
4242 persist-credentials : false
43-
44- - name : " Run analysis "
45- uses : ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
43+
44+ - name : OSSF Scorecard action
45+ uses : ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
4646 with :
47+ # OUTPUT: Path to file to store results
4748 results_file : results.sarif
49+ # OUTPUT: format of the results [json, sarif]
4850 results_format : sarif
49- # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
50- # - you want to enable the Branch-Protection check on a *public* repository, or
51- # - you are installing Scorecard on a *private* repository
52- # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
53- # repo_token: ${{ secrets.SCORECARD_TOKEN }}
54-
55- # Public repositories:
56- # - Publish results to OpenSSF REST API for easy access by consumers
57- # - Allows the repository to include the Scorecard badge.
58- # - See https://github.com/ossf/scorecard-action#publishing-results.
59- # For private repositories:
60- # - `publish_results` will always be set to `false`, regardless
61- # of the value entered here.
62- publish_results : true
63-
64- # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
65- # format to the repository Actions tab.
66- - name : " Upload artifact"
67- uses : actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
68- with :
69- name : SARIF file
70- path : results.sarif
71- retention-days : 5
51+ # INPUT: Publish results
52+ publish_results : true
7253
7354 # Upload the results to GitHub's code scanning dashboard.
7455 - name : " Upload to code-scanning"
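Review bot: The `uses:` line for the scorecard step on the new side (new line 45) drops the trailing version comment that the old line carried, while the checkout step above keeps its `# v4.2.2`; pinning to a commit SHA is right, but without the comment readers cannot tell which release the SHA is, and Dependabot/Renovate use that comment to propose updates for SHA-pinned actions. Restore it as `uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0`. The `# OUTPUT:` labels on `results_file` and `results_format` sit on keys under `with:`, which are action inputs, so `# INPUT:` (as used for `publish_results`) or a plain description of what each key controls would be less confusing. Since the longer explanation was trimmed, consider keeping one line such as `# Public repos: results are also published to the OpenSSF REST API` above `publish_results: true`, because that is an external data flow a reader of the workflow should see. The step list this hunk belongs to continues past the hunk, so the remaining upload step was not reviewed here.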