ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-10-26 10:28:10 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Enable Scorecard badge (#2097)

Browse Source 
Co-authored-by: Azeem Shaikh <azeems@google.com>
This commit is contained in:
Azeem Shaikh 2022-07-27 15:04:07 -04:00 committed by GitHub
parent 4f30e02a24
commit c581062fe7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/scorecard-analysis.yml vendored
View File

@ -19,6 +19,7 @@ jobs:
runs-on: ubuntu-latest
permissions:
security-events: write
token-id: write
steps:
- name: Harden Runner
@ -30,7 +31,7 @@ jobs:
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: "Run analysis"
uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564
uses: ossf/scorecard-action@3155d134e59d8f47261b1ae9d143034c69572227 # v2.0.0-beta.1
with:
results_file: results.sarif
results_format: sarif

1
README.md
View File

@ -1,5 +1,6 @@
# Security Scorecards
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard/badge)](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard)
[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5621/badge)](https://bestpractices.coreinfrastructure.org/projects/5621)
![build](https://github.com/ossf/scorecard/workflows/build/badge.svg?branch=main)
![CodeQL](https://github.com/ossf/scorecard/workflows/CodeQL/badge.svg?branch=main)