mattermost-desktop

48 lines

1.4 KiB

YAML

Raw Normal View History

Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`name: Scorecards supply-chain security`
			`on:`
			`# Only the default branch is supported.`
			`branch_protection_rule:`
			`schedule:`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`- cron: "44 7 * * 5"`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`push:`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`branches: [master]`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00
			`# Declare default permissions as read only.`
			`permissions: read-all`

			`jobs:`
			`analysis:`
			`name: Scorecards analysis`
			`runs-on: ubuntu-latest`
			`permissions:`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`# Needed if using Code scanning alerts`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`security-events: write`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`# Needed for GitHub OIDC token if publish_results is true`
			`id-token: write`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`steps:`
			`- name: "Checkout code"`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`with:`
			`persist-credentials: false`

			`- name: "Run analysis"`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`with:`
			`results_file: results.sarif`
			`results_format: sarif`
			`publish_results: true`

			`# Upload the results as artifacts (optional).`
			`- name: "Upload artifact"`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`with:`
			`name: SARIF file`
			`path: results.sarif`
			`retention-days: 5`

			`# Upload the results to GitHub's code scanning dashboard.`
			`- name: "Upload to code-scanning"`
feat: Upgrade Reusable GitHub Actions version (#2989) * feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL 2024-03-22 05:03:24 -07:00			`uses: github/codeql-action/upload-sarif@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5`
Add scorecards analysis (#1971) Github Action for Scorecard https://github.com/ossf/scorecard The Scorecard provides a (somewhat opinionated) view on the security posture of the repository -- we (the product security team) would like to adopt this on our key repositories to identify possible security improvements 2022-01-27 06:18:03 -08:00			`with:`
			`sarif_file: results.sarif`

48 lines 1.4 KiB YAML Raw Normal View History Unescape Escape

48 lines

1.4 KiB

YAML

Raw Normal View History