Skip to content

ci(deps): bump actions/checkout from 6.0.3 to 7.0.0 in the all group … #44

ci(deps): bump actions/checkout from 6.0.3 to 7.0.0 in the all group …

ci(deps): bump actions/checkout from 6.0.3 to 7.0.0 in the all group … #44

Workflow file for this run

# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json
---
name: 🛡️ OpenSSF Scorecard
on:
# For Branch-Protection check. Only the default branch is supported.
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# Weekly schedule to keep the Maintained check updated.
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
# yamllint disable-line rule:quoted-strings
- cron: "30 3 * * 1"
push:
branches:
- main
workflow_dispatch:
# Deny all permissions by default; grant only what's needed at job level.
permissions: {}
jobs:
scorecard:
name: 🛡️ Scorecard Analysis
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # Checkout repository
security-events: write # Upload SARIF to code-scanning dashboard
id-token: write # Publish results and obtain badge
steps:
- name: ⤵️ Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: 🛡️ Run Scorecard
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true
- name: 📤 Upload SARIF artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: scorecard-sarif
path: results.sarif
retention-days: 5
- name: 📤 Upload to code-scanning
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
sarif_file: results.sarif