Bump Scorecards from 1 to 2

Gary Gregory 2022-10-23 15:41:29 -04:00
parent 8bdbf102fd
commit b4ef495751
1 changed files with 6 additions and 4 deletions


@ -31,19 +31,21 @@ jobs:
name: "Scorecards analysis" name: "Scorecards analysis"
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
security-events: write # Needed to upload the results to the code-scanning dashboard. # Needed to upload the results to the code-scanning dashboard.
security-events: write
actions: read actions: read
contents: read id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.0.2 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # 1.1.2 uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # 2.0.6
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif