Skip to content

Scorecard security analysis #67

Scorecard security analysis

Scorecard security analysis #67

Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Scorecard security analysis"
on:
push:
branches: ["master"]
schedule:
- cron: "25 10 * * 3"
workflow_dispatch:
permissions: {}
jobs:
analyze:
name: "Scorecard security analysis"
runs-on: "ubuntu-latest"
permissions:
actions: "read"
contents: "read"
security-events: "write"
steps:
- name: "Checkout"
uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332"
- name: "Perform security analysis"
uses: "ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46"
with:
results_file: "./results.sarif"
results_format: "sarif"
repo_token: "${{ secrets.GITHUB_TOKEN }}"
publish_results: false
- name: "Upload SARIF file"
uses: "github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a"
with:
sarif_file: "./results.sarif"