🛡️ Security: OpenSSF Scorecard — main #1

	name: "🛡️ Security: OpenSSF Scorecard"
	run-name: >-
	${{
	github.event_name == 'branch_protection_rule' && '🛡️ Security: OpenSSF Scorecard — Branch protection changed' \|\|
	github.event_name == 'schedule' && '🛡️ Security: OpenSSF Scorecard — Weekly schedule' \|\|
	format('🛡️ Security: OpenSSF Scorecard — {0}', github.ref_name)
	}}

	on:
	push:
	branches:
	- main
	branch_protection_rule:
	schedule:
	- cron: '0 6 * * 1' # Weekly on Monday at 06:00 UTC

	permissions: read-all

	jobs:
	analysis:
	name: "🛡️ Security: Scorecard Analysis"
	runs-on: ubuntu-latest
	timeout-minutes: 20
	permissions:
	contents: read # Checkout code
	security-events: write # Upload SARIF results
	id-token: write # Publish results to OpenSSF REST API

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
	with:
	egress-policy: audit

	- name: Checkout code
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false

	- name: Run analysis
	uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
	with:
	results_file: results.sarif
	results_format: sarif
	publish_results: true

	- name: Upload to code-scanning
	uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
	with:
	sarif_file: results.sarif

Provide feedback