Skip to content

Commit 72e0a55

Browse files
committed
add scorecard workflow
1 parent b0eff4f commit 72e0a55

File tree

1 file changed

+48
-0
lines changed

1 file changed

+48
-0
lines changed
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
on:
2+
branch_protection_rule:
3+
schedule:
4+
- cron: "0 9 * * *"
5+
push:
6+
branches: [main]
7+
workflow_dispatch: {}
8+
9+
name: OpenSSF Scorecard
10+
run-name: OpenSSF Scorecard
11+
12+
permissions: read-all
13+
14+
jobs:
15+
analysis:
16+
name: Scorecard analysis
17+
runs-on: ubuntu-latest
18+
environment: Security
19+
permissions:
20+
security-events: write
21+
id-token: write
22+
23+
steps:
24+
- name: "Checkout code"
25+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
26+
with:
27+
persist-credentials: false
28+
29+
- name: "Run analysis"
30+
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
31+
with:
32+
results_file: results.sarif
33+
results_format: sarif
34+
publish_results: true
35+
repo_token: ${{ secrets.SCORECARD_TOKEN }}
36+
37+
- name: "Upload results"
38+
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
39+
with:
40+
name: SARIF file
41+
path: results.sarif
42+
retention-days: 5
43+
44+
# Upload the results to GitHub's code scanning dashboard.
45+
- name: "Upload to code-scanning"
46+
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
47+
with:
48+
sarif_file: results.sarif

0 commit comments

Comments
 (0)