gha.github/.github/workflows/scorecard.yml at ac68222f09779f4a16ae952faf669b219de9c505 · ChrisGe4/gha.github · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
name: 'Scorecard'
on:
  pull_request:
  workflow_dispatch:

permissions: 'read-all'

jobs:
  analyze:
    runs-on: 'ubuntu-latest'
    permissions:
      contents: 'read'
      security-events: 'write'
      id-token: 'write'
    timeout-minutes: 20
    steps:
    - uses: 'actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd' # ratchet:actions/checkout@v6
      with:
        persist-credentials: false
    - name: 'Run Scorecard'
      uses: 'ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a' # ratchet:ossf/scorecard-action@v2.4.3
      with:
        results_file: 'results.sarif'
        results_format: 'sarif'
        publish_results: false
    - name: 'Upload to GitHub Security Tab'
      uses: 'github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13' # ratchet:github/codeql-action/upload-sarif@v4.35.1
      with:
        sarif_file: 'results.sarif'