OpenSSF Scorecard #68
| name: OpenSSF Scorecard | |
| on: | |
| # Run on pushes to main for scoring | |
| push: | |
| branches: [main] | |
| # Run weekly | |
| schedule: | |
| - cron: '0 6 * * 1' # Every Monday at 6am UTC | |
| # Allow manual trigger | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| analysis: | |
| name: Scorecard Analysis | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write # Upload SARIF | |
| id-token: write # Publish results | |
| contents: read | |
| actions: read | |
| steps: | |
| # Using exact SHAs from official ossf/scorecard workflow for publish_results verification | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run Scorecard | |
| uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 | |
| with: | |
| results_file: results.sarif | |
| results_format: sarif | |
| publish_results: true | |
| - name: Upload SARIF to GitHub Security | |
| uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 | |
| with: | |
| sarif_file: results.sarif |
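Review bot: `publish_results: true` together with `id-token: write` ships the scorecard output off-repository (the action presumably mints an OIDC token to post the score to the OpenSSF results service, judging from the input name and the `# Publish results` comment), and nothing in the workflow records that this makes the repository's score publicly queryable, so the comment on the `id-token` line should say so: `id-token: write # OIDC token used by publish_results to post the score to the public OpenSSF API`. The commit-SHA pins on all three `uses:` lines are the right choice, but the runner never checks that the trailing `# v6.0.2` / `# v2.4.3` / `# v4.34.1` tags match the pinned commits, so the step comment should name the mechanism that keeps SHA and tag in sync (Dependabot or Renovate on the `github-actions` ecosystem) or the pins will drift silently. `persist-credentials: false` on checkout is correct here, since no later step needs the repository token.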