1 file changed +47 -0 lines changed
1+ name : OSSF Scorecard 
2+ 
3+ on :
4+   push :
5+     branches :
6+       - main 
7+   schedule :
8+     - cron : " 2 15 * * 1" #  once a week
9+   workflow_dispatch :
10+ 
11+ permissions : read-all 
12+ 
13+ jobs :
14+   analysis :
15+     runs-on : ubuntu-latest 
16+     permissions :
17+       #  Needed for Code scanning upload
18+       security-events : write 
19+       #  Needed for GitHub OIDC token if publish_results is true
20+       id-token : write 
21+     steps :
22+       - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  #  v4.2.2
23+         with :
24+           persist-credentials : false 
25+ 
26+       - uses : ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186  #  v2.4.1
27+         with :
28+           results_file : results.sarif 
29+           results_format : sarif 
30+           publish_results : true 
31+ 
32+       #  Upload the results as artifacts (optional). Commenting out will disable
33+       #  uploads of run results in SARIF format to the repository Actions tab.
34+       #  https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
35+       - name : " Upload artifact" 
36+         uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  #  v4.6.2
37+         with :
38+           name : SARIF file 
39+           path : results.sarif 
40+           retention-days : 5 
41+ 
42+       #  Upload the results to GitHub's code scanning dashboard (optional).
43+       #  Commenting out will disable upload of results to your repo's Code Scanning dashboard
44+       - name : " Upload to code-scanning" 
45+         uses : github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017  #  v3.28.12
46+         with :
47+           sarif_file : results.sarif 
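Review bot: The workflow-level `permissions: read-all` is broader than this workflow needs. The only job, `analysis`, declares its own `permissions` block, which replaces the workflow default, so `read-all` only serves as the grant inherited by any job added later. Consider `permissions: {}` at the top level so that each future job has to request its scopes explicitly. Scopes not listed on the job become `none`, so if this repository is (or ever becomes) private, the checkout and scorecard steps would presumably also need `contents: read` and `actions: read`. A comment above the job-level block such as `# Add contents: read and actions: read here if the repository is private` would record that for the next maintainer.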
 
 
   
 
     
   
   
          
    
    
     
    
      
     
     