From bf5f2615f96a12cd67cc43f97a62d639b264d49d Mon Sep 17 00:00:00 2001 From: Joel Payne <15524072+LilSpazJoekp@users.noreply.github.com> Date: Wed, 3 Jul 2024 19:11:19 -0500 Subject: [PATCH] Update scorecards-analysis.yml --- .github/workflows/scorecards-analysis.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 3081d778a..0c1f0c645 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -2,31 +2,28 @@ jobs: analysis: name: Scorecards analysis permissions: - actions: read - contents: read id-token: write security-events: write runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} publish_results: true - name: Upload artifact - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 + uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 with: name: SARIF file path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 with: sarif_file: results.sarif name: Scorecards supply-chain security
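Review bot: The trimmed `permissions:` block of the `analysis` job now lists only `id-token: write` and `security-events: write`, and every scope not listed under an explicit `permissions` key is set to `none`, so the job token loses `contents` and `actions` read entirely. That is the least-privilege shape and should work while the repository is public, but checkout and the Scorecard run would presumably fail on a private repository. A comment above the block would record the assumption, e.g. `# contents/actions read omitted on purpose: only needed for private repositories`. Dropping `repo_token` in the same hunk means the action no longer uses `SCORECARD_READ_TOKEN` and presumably falls back to the workflow token, which may give the Branch-Protection check less data than before; it is worth confirming the published results do not regress for that reason. The `upload-artifact` pin is annotated `# v3.pre.node20`, which looks like a pre-release tag, so confirm that the SHA is the intended commit, since the other three actions are pinned to release tags.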