File tree Expand file tree Collapse file tree 1 file changed +47
-0
lines changed
Expand file tree Collapse file tree 1 file changed +47
-0
lines changed Original file line number Diff line number Diff line change 1+ name : Scorecard supply-chain security
2+ on :
3+ # For Branch-Protection check. Only the default branch is supported. See
4+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
5+ branch_protection_rule :
6+ # To guarantee Maintained check is occasionally updated. See
7+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
8+ schedule :
9+ - cron : ' 16 20 * * 1'
10+ push :
11+ branches : [ "main" ]
12+
13+ permissions : read-all
14+
15+ jobs :
16+ analysis :
17+ name : Scorecard analysis
18+ runs-on : ubuntu-latest
19+ if : github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
20+ permissions :
21+ security-events : write
22+ id-token : write
23+
24+ steps :
25+ - name : " Checkout code"
26+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
27+ with :
28+ persist-credentials : false
29+
30+ - name : " Run analysis"
31+ uses : ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
32+ with :
33+ results_file : results.sarif
34+ results_format : sarif
35+ publish_results : true
36+
37+ - name : " Upload artifact"
38+ uses : actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
39+ with :
40+ name : SARIF file
41+ path : results.sarif
42+ retention-days : 5
43+
44+ - name : " Upload to code-scanning"
45+ uses : github/codeql-action/upload-sarif@v3
46+ with :
47+ sarif_file : results.sarif
You can’t perform that action at this time.
0 commit comments