OpenSSF Scorecard #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OpenSSF Scorecard | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the "main" branch | |
| # push: | |
| # branches: [ "main" ] | |
| # pull_request: | |
| # branches: [ "main" ] | |
| # Schedule the workflow to trigger at a specified time each day using a CRON expression | |
| # schedule: | |
| # ┌───────────── minute (0 - 59) | |
| # │ ┌───────────── hour (0 - 23) | |
| # │ │ ┌───────────── day of the month (1 - 31) | |
| # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) | |
| # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) | |
| # │ │ │ │ │ | |
| # - cron: '25 0 * * *' # Runs at 12:25am UTC every day | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| jobs: | |
| run-scorecard: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repository | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # Run the OpenSSF Scorecard action | |
| - name: Run OpenSSF Scorecard | |
| uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 | |
| with: | |
| #results_file: results.sarif | |
| #results_format: sarif | |
| results_file: results.json | |
| results_format: json | |
| publish_results: false # means cannot get the badge | |
| env: | |
| DISABLE_SIGSTORE: "true" | |
| - name: Print detailed Scorecard results | |
| run: | | |
| echo "📋 OpenSSF Scorecard Results (Detailed)" | |
| echo "----------------------------------------" | |
| jq -r ' | |
| .checks[] | | |
| "🔍 \(.name): \(.score)/10\n📌 \(.reason)\n" + | |
| ( | |
| (.details // []) | |
| | map(" - " + .) | |
| | join("\n") | |
| ) + "\n" | |
| ' results.json | |
| - name: Upload Scorecard Results | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 | |
| with: | |
| name: scorecard-results | |
| path: results.json |