From cafb4d2f43105cfc2322760e17aeb340ac4a6086 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sun, 23 Oct 2022 15:11:16 -0400 Subject: [PATCH] Update for Scorecards 2 --- .github/workflows/scorecards-analysis.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 63c80e4b..f0ae5ad3 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -31,9 +31,11 @@ jobs: name: "Scorecards analysis" runs-on: ubuntu-latest permissions: - security-events: write # Needed to upload the results to the code-scanning dashboard. + # Needed to upload the results to the code-scanning dashboard. + security-events: write actions: read - contents: read + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout steps: