# OpenSSF Scorecard workflow: runs the Scorecard checks against this
# repository, writes the findings to a SARIF file, keeps that file as a
# short-lived artifact, and uploads it to GitHub code scanning.
#
# Every action below is pinned to a full commit SHA; the trailing version
# comment records the release the SHA is expected to correspond to. When
# bumping a pin, change the SHA and the comment together.
name: OpenSSF Scorecard

on:
  # Re-run when the repository's branch protection settings change.
  branch_protection_rule:
  # Weekly run, Mondays at 06:17 (GitHub evaluates cron schedules in UTC).
  schedule:
    - cron: '17 6 * * 1'
  push:
    branches:
      - main

# Deny by default: the workflow token carries no scopes unless a job
# requests them explicitly.
permissions: {}

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    # Upper bound on runner time if the job hangs.
    timeout-minutes: 15
    permissions:
      # Read-only scopes.
      # NOTE(review): upstream's template marks these as needed for private
      # repositories only - confirm whether they are required here.
      actions: read
      contents: read
      # OIDC token; the Scorecard action uses it when publish_results is on.
      id-token: write
      # Required to upload the SARIF report to code scanning.
      security-events: write

    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the job token out of the checked-out repo's git config so
          # later steps cannot pick it up from the workspace.
          persist-credentials: false

      - name: Run analysis
        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_format: sarif
          results_file: results.sarif
          # Results are published outside the repository; this is the
          # setting that needs the id-token scope granted above.
          publish_results: true

      - name: Upload artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: SARIF file
          path: results.sarif
          # Short retention: the same report is also sent to code scanning.
          retention-days: 5

      - name: Upload to code scanning
        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          sarif_file: results.sarif