urllib3

1
name: "Scorecard"
2
on:
3
  branch_protection_rule:
4
  schedule:
5
    - cron: "0 0 * * 0"
6
  push:
7
    branches: ["main", "1.26.x"]
8

9
permissions: read-all
10

11
jobs:
12
  analysis:
13
    if: github.repository_owner == 'urllib3'
14
    name: "Scorecard"
15
    runs-on: "ubuntu-latest"
16
    permissions:
17
      security-events: write
18
      id-token: write
19
      contents: read
20
      actions: read
21

22
    steps:
23
      - name: "Checkout repository"
24
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
25
        with:
26
          persist-credentials: false
27

28
      - name: "Run Scorecard"
29
        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
30
        with:
31
          results_file: results.sarif
32
          results_format: sarif
33
          repo_token: ${{ secrets.SCORECARD_TOKEN }}
34
          publish_results: true
35