Skip to content

OSSF Scorecard

OSSF Scorecard #44

Workflow file for this run

# SPDX-License-Identifier: MPL-2.0
name: OSSF Scorecard
on:
push:
branches: [main, master]
schedule:
- cron: '0 4 * * *'
workflow_dispatch:
# Estate guardrail: cancel superseded runs so re-pushes / rebased PR
# updates do not pile up queued runs against the shared account-wide
# Actions concurrency pool. Applied only to read-only check workflows
# (no publish/mutation), so cancelling a superseded run is always safe.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
analysis:
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
security-events: write
id-token: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Run Scorecard
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.3.1
with:
results_file: results.sarif
results_format: sarif
- name: Upload results
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v3.31.8
with:
sarif_file: results.sarif