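--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,58 @@
+# Runs the OpenSSF Scorecard on a weekly schedule and publishes results
+# to the OpenSSF dashboard and GitHub Security tab.
+# https://github.com/ossf/scorecard-action
+
+name : OpenSSF Scorecard
+
+on :
+  # Run on branch protection rule changes
+  branch_protection_rule :
+  # Weekly schedule
+  schedule :
+    - cron : " 30 1 * * 1"
+  # Allow manual trigger
+  workflow_dispatch :
+
+# Declare default permissions as read only
+permissions : read-all
+
+jobs :
+  analysis :
+    name : Scorecard analysis
+    runs-on : ubuntu-latest
+    if : ${{ github.repository_owner == 'python-wheel-build' }}
+
+    permissions :
+      # Needed for Code Scanning upload
+      security-events : write
+      # Needed to publish results
+      id-token : write
+      # Read repo contents
+      contents : read
+      # Read actions
+      actions : read
+
+    steps :
+      - name : Checkout code
+        uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with :
+          persist-credentials : false
+
+      - name : Run analysis
+        uses : ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with :
+          results_file : results.sarif
+          results_format : sarif
+          publish_results : true
+
+      - name : Upload artifact
+        uses : actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        with :
+          name : SARIF file
+          path : results.sarif
+          retention-days : 5
+
+      - name : Upload to code-scanning
+        uses : github/codeql-action/upload-sarif@7fc1baf373eb073c686865bd453d412d506a05a2 # v3
+        with :
+          sarif_file : results.sarif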
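Review bot: The schedule on the `- cron` line reads `" 30 1 * * 1"` with a leading space inside the quotes, and keys throughout are shown with a space before the colon (`name : OpenSSF Scorecard`); if that is the file's content rather than a rendering artifact of this page, the cron should be `"30 1 * * 1"` and the colons tightened, since yamllint's `colons` rule flags space before a colon and a malformed cron would silently leave the weekly run unscheduled. The permission split (top-level `permissions: read-all`, job-level `security-events: write` and `id-token: write` only) matches what scorecard-action's result publishing requires, and `persist-credentials: false` on checkout plus the `github.repository_owner` gate on the job are the right defaults for a workflow that uploads to code scanning. The four actions are pinned by full commit SHA with trailing version comments; those comments are not validated by the runner, so they drift unless a pin-updater (Dependabot or Renovate for the `github-actions` ecosystem) is configured, which this page does not show — worth confirming. A header line such as `# Action pins are full commit SHAs; keep the trailing version comments in sync when bumping` would make that expectation explicit for the next maintainer.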