feat: add security-gates and update README (#119)

emrecanvurallll · web-flow · commit 0edea3b64b39 · 2025-01-31T00:59:59.000+03:00
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,62 @@
+
+name: Scorecard supply-chain security
+
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '29 23 * * 3'
+  push:
+    branches: [ "main", "master"]
+  pull_request:
+    branches: ["main", "master"]
+
+permissions: read-all
+
+jobs:
+  visibility-check:
+    # Bu job, deponun public/private olduğunu belirler
+    outputs:
+      visibility: ${{ steps.drv.outputs.visibility }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Determine repository visibility
+        id: drv
+        run: |
+          visibility=$(gh api /repos/$GITHUB_REPOSITORY --jq '.visibility')
+          echo "visibility=$visibility" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+  analysis:
+    if: ${{ needs.visibility-check.outputs.visibility == 'public' }}
+    needs: visibility-check
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif
+
+
diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/Trendyol/go-dcp/badge)](https://scorecard.dev/viewer/?uri=github.com/Trendyol/go-dcp)
 # Go Dcp [![Go Reference](https://pkg.go.dev/badge/github.com/Trendyol/go-dcp.svg)](https://pkg.go.dev/github.com/Trendyol/go-dcp) [![Go Report Card](https://goreportcard.com/badge/github.com/Trendyol/go-dcp)](https://goreportcard.com/report/github.com/Trendyol/go-dcp)
 
 This repository contains go implementation of a Couchbase Database Change Protocol (DCP) client.

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+`
	`2`	`+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/Trendyol/go-dcp/badge)](https://scorecard.dev/viewer/?uri=github.com/Trendyol/go-dcp)`
`1`	`3`	`# Go Dcp [![Go Reference](https://pkg.go.dev/badge/github.com/Trendyol/go-dcp.svg)](https://pkg.go.dev/github.com/Trendyol/go-dcp) [![Go Report Card](https://goreportcard.com/badge/github.com/Trendyol/go-dcp)](https://goreportcard.com/report/github.com/Trendyol/go-dcp)`
`2`	`4`
`3`	`5`	`This repository contains go implementation of a Couchbase Database Change Protocol (DCP) client.`