File tree Expand file tree Collapse file tree 1 file changed +46
-0
lines changed
Expand file tree Collapse file tree 1 file changed +46
-0
lines changed Original file line number Diff line number Diff line change 1+ name : Scorecard supply-chain security
2+ on :
3+ # For Branch-Protection check. Only the default branch is supported. See
4+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
5+ branch_protection_rule :
6+ # To guarantee Maintained check is occasionally updated. See
7+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
8+ schedule :
9+ - cron : ' 25 1 * * 2'
10+ push :
11+ branches : [ "master" ]
12+
13+ permissions : read-all
14+
15+ jobs :
16+ analysis :
17+ name : Scorecard analysis
18+ runs-on : ubuntu-latest
19+ permissions :
20+ security-events : write # Needed to upload the results to code-scanning dashboard.
21+ id-token : write # Needed to publish results and get a badge (see publish_results below).
22+
23+ steps :
24+ - name : " Checkout code"
25+ uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
26+ with :
27+ persist-credentials : false
28+
29+ - name : " Run analysis"
30+ uses : ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
31+ with :
32+ results_file : results.sarif
33+ results_format : sarif
34+ publish_results : true
35+
36+ - name : " Upload artifact"
37+ uses : actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
38+ with :
39+ name : SARIF file
40+ path : results.sarif
41+ retention-days : 5
42+
43+ - name : " Upload to code-scanning"
44+ uses : github/codeql-action/upload-sarif@v3
45+ with :
46+ sarif_file : results.sarif
You can’t perform that action at this time.
0 commit comments