Mercurial > p > roundup > code


  
7125


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     1 # This workflow uses actions that are not certified by GitHub. They are provided


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     2 # by a third-party and are governed by separate terms of service, privacy


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     3 # policy, and support documentation.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     4 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     5 name: Scorecard supply-chain security


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     6 on:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     7   # For Branch-Protection check. Only the default branch is supported. See


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     8   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


     9   branch_protection_rule:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    10   # To guarantee Maintained check is occasionally updated. See


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    11   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    12   schedule:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    13     - cron: '25 21 * * 5'


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    14   push:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    15     branches: [ "master" ]


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    16 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    17 # Declare default permissions as read only.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    18 permissions: read-all


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    19 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    20 jobs:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    21   analysis:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    22     name: Scorecard analysis


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    23     runs-on: ubuntu-latest


7194


8dc5b3739367
Prevent github actions from running if commit includes 'no-github-ci'

John Rouillard <rouilj@ieee.org>
parents: 
7186
diff
changeset


    24 


8dc5b3739367
Prevent github actions from running if commit includes 'no-github-ci'

John Rouillard <rouilj@ieee.org>
parents: 
7186
diff
changeset


    25     if: "!contains(github.event.head_commit.message, 'no-github-ci')"


8dc5b3739367
Prevent github actions from running if commit includes 'no-github-ci'

John Rouillard <rouilj@ieee.org>
parents: 
7186
diff
changeset


    26 


7125


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    27     permissions:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    28       # Needed to upload the results to code-scanning dashboard.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    29       security-events: write


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    30       # Needed to publish results and get a badge (see publish_results below).


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    31       id-token: write


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    32       # Uncomment the permissions below if installing in a private repository.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    33       # contents: read


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    34       # actions: read


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    35 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    36     steps:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    37       - name: "Checkout code"


7641


bdc81c1e2eec
build(deps): bump actions/checkout from 4.0.0 to 4.1.0 - https://github.com/roundup-tracker/roundup/pull/50

John Rouillard <rouilj@ieee.org>
parents: 
7619
diff
changeset


    38         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0


7125


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    39         with:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    40           persist-credentials: false


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    41 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    42       - name: "Run analysis"


7514


ffa1b73444d5
Bump ossf/scorecard-action from 2.1.3 to 2.2.0 - https://github.com/roundup-tracker/roundup/pull/41

John Rouillard <rouilj@ieee.org>
parents: 
7486
diff
changeset


    43         uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0


7125


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    44         with:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    45           results_file: results.sarif


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    46           results_format: sarif


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    47           # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    48           # - you want to enable the Branch-Protection check on a *public* repository, or


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    49           # - you are installing Scorecard on a *private* repository


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    50           # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    51           # repo_token: ${{ secrets.SCORECARD_TOKEN }}


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    52 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    53           # Public repositories:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    54           #   - Publish results to OpenSSF REST API for easy access by consumers


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    55           #   - Allows the repository to include the Scorecard badge.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    56           #   - See https://github.com/ossf/scorecard-action#publishing-results.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    57           # For private repositories:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    58           #   - `publish_results` will always be set to `false`, regardless


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    59           #     of the value entered here.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    60           publish_results: true


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    61 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    62       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    63       # format to the repository Actions tab.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    64       - name: "Upload artifact"


7619


92cc709b43ee
chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 - https://github.com/roundup-tracker/roundup/pull/49

John Rouillard <rouilj@ieee.org>
parents: 
7617
diff
changeset


    65         uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3


7125


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    66         with:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    67           name: SARIF file


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    68           path: results.sarif


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    69           retention-days: 5


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    70 


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    71       # Upload the results to GitHub's code scanning dashboard.


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    72       - name: "Upload to code-scanning"


7486


0b4028a75705
Bump github/codeql-action from 2.3.6 to 2.13.4 - https://github.com/roundup-tracker/roundup/pull/38

John Rouillard <rouilj@ieee.org>
parents: 
7485
diff
changeset


    73         uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.27


7125


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    74         with:


264ddc581f4f
add ossf-scorecard security evaluation

John Rouillard <rouilj@ieee.org>
parents: 
diff
changeset


    75           sarif_file: results.sarif
author	John Rouillard <rouilj@ieee.org>
date	Fri, 06 Oct 2023 09:53:22 -0400
parents	bdc81c1e2eec
children	6ed521352d22
rev	line source
7125 264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	1 # This workflow uses actions that are not certified by GitHub. They are provided
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	2 # by a third-party and are governed by separate terms of service, privacy
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	3 # policy, and support documentation.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	4
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	5 name: Scorecard supply-chain security
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	6 on:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	7 # For Branch-Protection check. Only the default branch is supported. See
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	8 # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	9 branch_protection_rule:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	10 # To guarantee Maintained check is occasionally updated. See
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	11 # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	12 schedule:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	13 - cron: '25 21 * * 5'
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	14 push:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	15 branches: [ "master" ]
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	16
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	17 # Declare default permissions as read only.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	18 permissions: read-all
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	19
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	20 jobs:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	21 analysis:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	22 name: Scorecard analysis
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	23 runs-on: ubuntu-latest
7194 8dc5b3739367 Prevent github actions from running if commit includes 'no-github-ci' John Rouillard <rouilj@ieee.org> parents: 7186 diff changeset	24
8dc5b3739367 Prevent github actions from running if commit includes 'no-github-ci' John Rouillard <rouilj@ieee.org> parents: 7186 diff changeset	25 if: "!contains(github.event.head_commit.message, 'no-github-ci')"
8dc5b3739367 Prevent github actions from running if commit includes 'no-github-ci' John Rouillard <rouilj@ieee.org> parents: 7186 diff changeset	26
7125 264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	27 permissions:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	28 # Needed to upload the results to code-scanning dashboard.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	29 security-events: write
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	30 # Needed to publish results and get a badge (see publish_results below).
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	31 id-token: write
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	32 # Uncomment the permissions below if installing in a private repository.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	33 # contents: read
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	34 # actions: read
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	35
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	36 steps:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	37 - name: "Checkout code"
7641 bdc81c1e2eec build(deps): bump actions/checkout from 4.0.0 to 4.1.0 - https://github.com/roundup-tracker/roundup/pull/50 John Rouillard <rouilj@ieee.org> parents: 7619 diff changeset	38 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
7125 264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	39 with:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	40 persist-credentials: false
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	41
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	42 - name: "Run analysis"
7514 ffa1b73444d5 Bump ossf/scorecard-action from 2.1.3 to 2.2.0 - https://github.com/roundup-tracker/roundup/pull/41 John Rouillard <rouilj@ieee.org> parents: 7486 diff changeset	43 uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
7125 264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	44 with:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	45 results_file: results.sarif
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	46 results_format: sarif
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	47 # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	48 # - you want to enable the Branch-Protection check on a public repository, or
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	49 # - you are installing Scorecard on a private repository
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	50 # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	51 # repo_token: ${{ secrets.SCORECARD_TOKEN }}
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	52
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	53 # Public repositories:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	54 # - Publish results to OpenSSF REST API for easy access by consumers
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	55 # - Allows the repository to include the Scorecard badge.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	56 # - See https://github.com/ossf/scorecard-action#publishing-results.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	57 # For private repositories:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	58 # - `publish_results` will always be set to `false`, regardless
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	59 # of the value entered here.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	60 publish_results: true
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	61
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	62 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	63 # format to the repository Actions tab.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	64 - name: "Upload artifact"
7619 92cc709b43ee chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 - https://github.com/roundup-tracker/roundup/pull/49 John Rouillard <rouilj@ieee.org> parents: 7617 diff changeset	65 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
7125 264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	66 with:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	67 name: SARIF file
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	68 path: results.sarif
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	69 retention-days: 5
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	70
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	71 # Upload the results to GitHub's code scanning dashboard.
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	72 - name: "Upload to code-scanning"
7486 0b4028a75705 Bump github/codeql-action from 2.3.6 to 2.13.4 - https://github.com/roundup-tracker/roundup/pull/38 John Rouillard <rouilj@ieee.org> parents: 7485 diff changeset	73 uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.27
7125 264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	74 with:
264ddc581f4f add ossf-scorecard security evaluation John Rouillard <rouilj@ieee.org> parents: diff changeset	75 sarif_file: results.sarif