We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent f47ac6b commit b4295b5Copy full SHA for b4295b5
1 file changed
.github/workflows/scorecard.yml
@@ -0,0 +1,27 @@
1
+name: OpenSSF Scorecard
2
+
3
+on:
4
+ branch_protection_rule:
5
+ schedule:
6
+ - cron: "23 3 * * 1"
7
+ workflow_dispatch:
8
9
+permissions:
10
+ contents: read
11
+ security-events: write
12
+ id-token: write
13
14
+jobs:
15
+ scorecard:
16
+ runs-on: ubuntu-latest
17
+ steps:
18
+ - name: Run Scorecard
19
+ uses: ossf/scorecard-action@v2.4.0
20
+ with:
21
+ results_file: results.sarif
22
+ results_format: sarif
23
+ publish_results: true
24
+ - name: Upload SARIF
25
+ uses: github/codeql-action/upload-sarif@v3
26
27
+ sarif_file: results.sarif
0 commit comments