scorecard.yml

name: 'Scorecard security analysis'

on:
  push:
    branches: ['master']
  schedule:
    - cron: '25 10 * * 3'
  workflow_dispatch:

permissions: {}

jobs:

  analyze:
    name: 'Scorecard security analysis'
    runs-on: 'ubuntu-latest'
    permissions:
      actions: 'read'
      contents: 'read'
      security-events: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608'
      - name: 'Perform security analysis'
        uses: 'ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031'
        with:
          results_file: './results.sarif'
          results_format: 'sarif'
          repo_token: '${{ secrets.GITHUB_TOKEN }}'
          publish_results: false
      - name: 'Upload SARIF file'
        uses: 'github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a'
        with:
          sarif_file: './results.sarif'