Skip to content

Scorecard security analysis #612

Scorecard security analysis

Scorecard security analysis #612

Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Scorecard security analysis"
on:
push:
branches: ["master"]
schedule:
- cron: "25 10 * * 3"
workflow_dispatch:
permissions: {}
jobs:
analyze:
name: "Scorecard security analysis"
runs-on: "ubuntu-latest"
permissions:
actions: "read"
contents: "read"
security-events: "write"
steps:
- name: "Checkout"
uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332"
- name: "Perform security analysis"
uses: "ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534"
with:
results_file: "./results.sarif"
results_format: "sarif"
repo_token: "${{ secrets.GITHUB_TOKEN }}"
publish_results: false
- name: "Upload SARIF file"
uses: "github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac"
with:
sarif_file: "./results.sarif"