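├── README.md
└── .github
    └── workflows
        └── scorecard.yml
/README.md:
--------------------------------------------------------------------------------
# animated-fiesta
Adding some text.
By ahu.
--------------------------------------------------------------------------------
/.github/workflows/scorecard.yml:
--------------------------------------------------------------------------------
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '32 9 * * 4'
  push:
    branches: [ "main" ]
  pull_request:

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
    if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
    # A job-level `permissions` block replaces the workflow-level `read-all`
    # above: only the scopes listed here are granted to this job's GITHUB_TOKEN.
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read

    steps:
      - name: "Checkout code"
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the checkout token in .git/config for later steps.
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecard on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
          publish_results: true

          # (Optional) Uncomment file_mode if you have a .gitattributes with files marked export-ignore
          # file_mode: git

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard (optional).
      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
      - name: "Upload to code-scanning"
        # REVIEW: every other step in this job is pinned to a full-length commit
        # SHA, but `@v3` is a mutable tag, so this step runs whatever the tag
        # points to at run time. Pin it to a commit SHA and keep the version in
        # a trailing comment like the steps above
        # (`uses: github/codeql-action/upload-sarif@<COMMIT_SHA_PLACEHOLDER> # v3`);
        # Scorecard's own Pinned-Dependencies check flags tag pins.
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
--------------------------------------------------------------------------------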