...

Text file src/github.com/google/flatbuffers/.github/workflows/scorecards.yml

Documentation: github.com/google/flatbuffers/.github/workflows

     1name: Scorecards supply-chain security
     2on:
     3  # Only the default branch is supported.
     4  branch_protection_rule:
     5  schedule:
     6    - cron: '21 2 * * 5'
     7  push:
     8    branches: [ master ]
     9
    10# Declare default permissions as read only.
    11permissions: read-all
    12
    13jobs:
    14  analysis:
    15    name: Scorecards analysis
    16    runs-on: ubuntu-latest
    17    permissions:
    18      # Needed to upload the results to code-scanning dashboard.
    19      security-events: write
    20      actions: read
    21      contents: read
    22
    23    steps:
    24      - name: "Checkout code"
    25        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
    26        with:
    27          persist-credentials: false
    28
    29      - name: "Run analysis"
    30        uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # v1.1.2
    31        with:
    32          results_file: results.sarif
    33          results_format: sarif
    34          # Read-only PAT token. To create it,
    35          # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
    36          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
    37          # Publish the results to enable scorecard badges. For more details, see
    38          # https://github.com/ossf/scorecard-action#publishing-results.
    39          # For private repositories, `publish_results` will automatically be set to `false`,
    40          # regardless of the value entered here.
    41          publish_results: true
    42
    43      # Upload the results as artifacts (optional).
    44      - name: "Upload artifact"
    45        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
    46        with:
    47          name: SARIF file
    48          path: results.sarif
    49          retention-days: 5
    50
    51      # Upload the results to GitHub's code scanning dashboard.
    52      - name: "Upload to code-scanning"
    53        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
    54        with:
    55          sarif_file: results.sarif

View as plain text