Skip to content
This repository was archived by the owner on Oct 25, 2024. It is now read-only.

Commit 087056c

Browse files
Create scorecard.yml
Scorecard not calculating correctly in shared cron job, adding explicitly for Intel compliance Signed-off-by: Stewart Blacklock <[email protected]>
1 parent e6cbde1 commit 087056c

File tree

1 file changed

+63
-0
lines changed

1 file changed

+63
-0
lines changed

.github/workflows/scorecard.yml

+63
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
# This workflow uses actions that are not certified by GitHub. They are provided
2+
# by a third-party and are governed by separate terms of service, privacy
3+
# policy, and support documentation.
4+
5+
name: Scorecard supply-chain security
6+
on:
7+
# For Branch-Protection check. Only the default branch is supported. See
8+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
9+
branch_protection_rule:
10+
# To guarantee Maintained check is occasionally updated. See
11+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
12+
schedule:
13+
- cron: '33 21 * * 6'
14+
push:
15+
branches: [ "main" ]
16+
17+
# Declare default permissions as read only.
18+
permissions: read-all
19+
20+
jobs:
21+
analysis:
22+
name: Scorecard analysis
23+
runs-on: ubuntu-latest
24+
permissions:
25+
# Needed to upload the results to code-scanning dashboard.
26+
security-events: write
27+
# Needed to publish results and get a badge (see publish_results below).
28+
id-token: write
29+
# Uncomment the permissions below if installing in a private repository.
30+
# contents: read
31+
# actions: read
32+
33+
steps:
34+
- name: "Checkout code"
35+
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
36+
with:
37+
persist-credentials: false
38+
39+
- name: "Run analysis"
40+
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
41+
with:
42+
results_file: results.sarif
43+
results_format: sarif
44+
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
45+
# - you want to enable the Branch-Protection check on a *public* repository, or
46+
# - you are installing Scorecard on a *private* repository
47+
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
48+
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
49+
50+
# Public repositories:
51+
# - Publish results to OpenSSF REST API for easy access by consumers
52+
# - Allows the repository to include the Scorecard badge.
53+
# - See https://github.com/ossf/scorecard-action#publishing-results.
54+
# For private repositories:
55+
# - `publish_results` will always be set to `false`, regardless
56+
# of the value entered here.
57+
publish_results: true
58+
59+
# Upload the results to GitHub's code scanning dashboard.
60+
- name: "Upload to code-scanning"
61+
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
62+
with:
63+
sarif_file: results.sarif

0 commit comments

Comments
 (0)