| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- # synced from @nextcloud/android-config
- # SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
- # SPDX-FileCopyrightText: 2023 Andy Scherzinger <info@andy-scherzinger.de>
- # SPDX-License-Identifier: GPL-3.0-or-later
- name: Scorecard supply-chain security
- on:
- branch_protection_rule:
- schedule:
- - cron: '32 23 * * 4'
- push:
- branches: [ "main", "master" ]
- # Declare default permissions as read only.
- permissions: read-all
- concurrency:
- group: scorecard-supply-chain-security-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
- jobs:
- analysis:
- name: Scorecard analysis
- runs-on: ubuntu-latest
- permissions:
- # Needed to upload the results to code-scanning dashboard.
- security-events: write
- steps:
- - name: "Checkout code"
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- with:
- persist-credentials: false
- - name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
- with:
- results_file: results.sarif
- results_format: sarif
- publish_results: false
- # Upload the results to GitHub's code scanning dashboard.
- - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
- with:
- sarif_file: results.sarif
|
