Added OSSF security analysis workflow (scorecard)

sparky-game · Oct 4, 2024 · 734bbef · 734bbef
1 parent d1e3c1e
commit 734bbef
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/.github/workflows/security-analysis.yaml b/.github/workflows/security-analysis.yaml
@@ -0,0 +1,32 @@
+name: security-analysis
+
+on:
+  push:
+    branches: [master]
+    paths: ['.github/workflows/security-analysis.yaml']
+  schedule:
+    - cron: '0 9 * * 1'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  security-analysis:
+    permissions:
+      id-token: write
+      security-events: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout-repo
+        uses: actions/checkout@v4
+      - name: run-checks
+        uses: ossf/scorecard-action@v2.4.0
+        with:
+          results_format: sarif
+          results_file: results.sarif
+          publish_results: true
+      - name: upload-results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif