Skip to content

chore: synced local '.github/workflows/ossf-scorecard.yml' with remot… #205

chore: synced local '.github/workflows/ossf-scorecard.yml' with remot…

chore: synced local '.github/workflows/ossf-scorecard.yml' with remot… #205

name: Scorecards supply-chain security
on:
workflow_dispatch:
schedule:
# Weekly on Saturdays.
- cron: "30 1 * * 6"
push:
branches:
- main
permissions: read-all
jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@7699f539c2b9ff754039f0e173fdf1a4e4a1e143
with:
results_file: ossf-results.json
results_format: json
publish_results: false
- name: "Add metadata"
run: |
full_repo="${{ github.repository }}"
OWNER=${full_repo%/*}
REPO=${full_repo#*/}
jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
- name: "Post results to Sentinel"
uses: cds-snc/sentinel-forward-data-action@main
with:
file_name: ossf-results-modified.json
log_type: GitHubMetadata_OSSF_Scorecard
log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}