Skip to content
ossf-scorecard

Bump codecov/codecov-action action to v5.5.3 (#1476) #943

Sign in to view logs

Bump codecov/codecov-action action to v5.5.3 (#1476)

Bump codecov/codecov-action action to v5.5.3 (#1476) #943

Workflow file for this run

.github/workflows/ossf-scorecard.yml at ee1f5bf
name: ossf-scorecard
on:
branch_protection_rule:
push:
branches: [ main ]
schedule:
- cron: '0 5 * * MON'
workflow_dispatch:
permissions: read-all # zizmor: ignore[excessive-permissions] Recommended permissions for OSSF Scorecard
jobs:
analysis:
name: analysis
runs-on: ubuntu-latest
permissions:
id-token: write
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
filter: 'tree:0'
persist-credentials: false
show-progress: false
- name: Run analysis
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
publish_results: true
results_file: results.sarif
results_format: sarif
- name: Upload artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: SARIF
path: results.sarif
retention-days: 5
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
with:
sarif_file: results.sarif