OpenSSF Scorecard #3

	name: OpenSSF Scorecard

	on:
	push:
	branches: [main]
	schedule:
	- cron: "15 7 * * 1"

	# Workflow-level permissions must be read-only for Scorecard verification.
	# Write permissions are scoped to the job level below.
	permissions: read-all

	jobs:
	analysis:
	name: Scorecard analysis
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	id-token: write
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false

	- uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
	with:
	results_file: results.sarif
	results_format: sarif
	publish_results: true

	- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
	with:
	name: SARIF file
	path: results.sarif
	retention-days: 5

	- uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4
	with:
	sarif_file: results.sarif

Provide feedback