Bump Scorecards from 1 to 2

2022-10-23 15:41:29 -04:00 · 2022-10-23 15:41:29 -04:00 · b4ef495751
parent 8bdbf102fd
commit b4ef495751
1 changed files with 6 additions and 4 deletions
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@ -31,19 +31,21 @@ jobs:
    name: "Scorecards analysis"
    runs-on: ubuntu-latest
    permissions:
-      security-events: write    # Needed to upload the results to the code-scanning dashboard.
+      # Needed to upload the results to the code-scanning dashboard.
+      security-events: write
      actions: read
-      contents: read
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout

    steps:

      - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8   # 3.0.2
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8   # 3.1.0
        with:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564    # 1.1.2
+        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d    # 2.0.6
        with:
          results_file: results.sarif
          results_format: sarif