1 file changed +35 -2 lines changed
2222 schedule :
2323 - cron : " 30 1 * * 6" # Weekly on Saturdays
2424 push :
25- branches : [ "2.x" ]
25+ branches : [ "2.x", "main" ]
2626
2727permissions : read-all
2828
2929jobs :
3030
3131 analysis :
32- uses : apache/logging-parent/.github/workflows/scorecards-analysis-reusable.yaml@main
32+
33+ name : " Scorecards analysis"
34+ runs-on : ubuntu-latest
3335 permissions :
3436 # Needed to upload the results to the code-scanning dashboard.
3537 security-events : write
3638 actions : read
3739 id-token : write # This is required for requesting the JWT
3840 contents : read # This is required for actions/checkout
41+
42+ steps :
43+
44+ - name : " Checkout code"
45+ uses : actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # 4.1.0
46+ with :
47+ persist-credentials : false
48+
49+ - name : " Run analysis"
50+ uses : ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # 2.2.0
51+ with :
52+ results_file : results.sarif
53+ results_format : sarif
54+ # A read-only PAT token, which is sufficient for the action to function.
55+ # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188
56+ repo_token : ${{ secrets.GITHUB_TOKEN }}
57+ # Publish the results for public repositories to enable scorecard badges.
58+ # For more details: https://github.com/ossf/scorecard-action#publishing-results
59+ publish_results : true
60+
61+ - name : " Upload artifact"
62+ uses : actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # 3.1.0
63+ with :
64+ name : SARIF file
65+ path : results.sarif
66+ retention-days : 5
67+
68+ - name : " Upload to code-scanning"
69+ uses : github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab # 2.1.22
70+ with :
71+ sarif_file : results.sarif
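Review bot: The comment above `repo_token` in the "Run analysis" step calls the value "a read-only PAT token", but what is passed is `${{ secrets.GITHUB_TOKEN }}`, the workflow's automatic token, not a PAT. Its scope is set by the job's `permissions` block, which grants `security-events: write` and `id-token: write`, so it is not read-only either. I would reword the comment to `# The workflow's automatic GITHUB_TOKEN; its scope is set by the job permissions above.` so a later reader does not go looking for a PAT secret or assume the token cannot write. Separately, the version comments on the SHA pins (for example `# 3.1.0` on upload-artifact and `# 2.1.22` on codeql-action) cannot be verified from this page. It is worth confirming that each matches the tag its commit hash belongs to, since a stale comment misleads whoever reviews the next pin bump.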