FilesExpand file tree

 main

/

oss-scorecard.yaml

Copy path

View Runs

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

38 lines (32 loc) · 991 Bytes

 main

/

oss-scorecard.yaml

Top

File metadata and controls

• Code
• Blame

38 lines (32 loc) · 991 Bytes

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

# SPDX-FileCopyrightText: the secureCodeBox authors

#

# SPDX-License-Identifier: Apache-2.0

name: Scorecards supply-chain security

on:

push:

branches:

- main

permissions: read-all

jobs:

analysis:

name: Scorecards analysis

runs-on: ubuntu-latest

permissions:

security-events: write

id-token: write

steps:

- name: Checkout

uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

with:

persist-credentials: false

- name: "Run analysis"

uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3

with:

results_file: results.sarif

results_format: sarif

publish_results: true

# Upload the results to GitHub's code scanning dashboard.

- name: "Upload to code-scanning"

uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0

with:

sarif_file: results.sarif