Skip to content

Commit 2b43644

Browse files
committed
Bump Scorecards from 1 to 2
1 parent 65ff324 commit 2b43644

1 file changed

Lines changed: 6 additions & 4 deletions

File tree

.github/workflows/scorecards-analysis.yml

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,19 +31,21 @@ jobs:
3131
name: "Scorecards analysis"
3232
runs-on: ubuntu-latest
3333
permissions:
34-
security-events: write # Needed to upload the results to the code-scanning dashboard.
34+
# Needed to upload the results to the code-scanning dashboard.
35+
security-events: write
3536
actions: read
36-
contents: read
37+
id-token: write # This is required for requesting the JWT
38+
contents: read # This is required for actions/checkout
3739

3840
steps:
3941

4042
- name: "Checkout code"
41-
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.0.2
43+
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
4244
with:
4345
persist-credentials: false
4446

4547
- name: "Run analysis"
46-
uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # 1.1.2
48+
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # 2.0.6
4749
with:
4850
results_file: results.sarif
4951
results_format: sarif

0 commit comments

Comments
 (0)