vrr/gitingest
2
0
Fork 0
mirror of https://github.com/cyclotruc/gitingest.git synced 2026-04-28 11:59:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
gitingest/.github/workflows/scorecard.yml
renovate[bot] 15949d3df5
chore(deps): update actions/checkout digest to 8edcb1b (#490) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-08-05 18:09:52 +02:00

44 lines
1.3 KiB
YAML
Raw Blame History

name: OSSF Scorecard
on:
branch_protection_rule:
schedule:
- cron: '33 11 * * 2' # Every Tuesday at 11:33 AM UTC
push:
branches: [ main ]
permissions: read-all
concurrency: # avoid overlapping runs
group: scorecard-${{ github.ref }}
cancel-in-progress: true
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
security-events: write # upload SARIF to code-scanning
id-token: write # publish results for the badge
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709
with:
persist-credentials: false
- name: Run Scorecard
uses: ossf/scorecard-action@f35c64557cf912815708bb1126d9948f3e459487
with:
results_file: results.sarif
results_format: sarif
publish_results: true # enables the public badge
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
with:
sarif_file: results.sarif
Reference in a new issue View git blame Copy permalink