Skip to content

Scorecard security analysis #594

Scorecard security analysis

Scorecard security analysis #594

Workflow file for this run

name: "Scorecard security analysis"
on:
push:
branches: ["master"]
schedule:
- cron: "25 10 * * 3"
workflow_dispatch:
permissions: {}
jobs:
analyze:
name: "Scorecard security analysis"
runs-on: "ubuntu-latest"
permissions:
actions: "read"
contents: "read"
security-events: "write"
steps:
- name: "Checkout"
uses: "actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29"
- name: "Perform security analysis"
uses: "ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534"
with:
results_file: "./results.sarif"
results_format: "sarif"
repo_token: "${{ secrets.GITHUB_TOKEN }}"
publish_results: false
- name: "Upload SARIF file"
uses: "github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff"
with:
sarif_file: "./results.sarif"