diff --git a/.github/workflows/scoreboard.yml b/.github/workflows/scoreboard.yml
new file mode 100644
index 0000000..5b55c02
--- /dev/null
+++ b/.github/workflows/scoreboard.yml
@@ -0,0 +1,35 @@
+name: Scorecard supply-chain security
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: '16 0 * * 6'
+ push:
+ branches: [ "master" ]
+
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
+ - name: Run analysis
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ - name: Upload to code-scanning
+ uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ with:
+ sarif_file: results.sarif
diff --git a/README.md b/README.md
index d014c93..c6a36fa 100644
--- a/README.md
+++ b/README.md
@@ -1,19 +1,12 @@
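Review bot: The job-level `permissions:` block grants `security-events: write` and `id-token: write` with no comment explaining why, so a later "tighten permissions" pass could drop them and silently break the `publish_results: true` step or the SARIF upload; suggest a comment above that block such as `# id-token: write lets scorecard-action publish results via OIDC; security-events: write is needed by the upload-sarif step` so the scope-down to read-all at the top and the two job-level escalations read as deliberate. The file is named scoreboard.yml while the workflow and job are called "Scorecard" — likely a typo, and renaming it to scorecard.yml keeps it findable next to the action it runs. The push trigger is limited to `master`; as far as I recall, scorecard-action only publishes results from the repository's default branch, so if the default branch differs the publish step may be skipped or fail — worth confirming. All three `uses:` references are pinned to full commit SHAs with version comments and checkout sets `persist-credentials: false`, which is the right pattern for a supply-chain workflow; the indentation of the hunk is lost in this rendering, so key nesting could not be checked here.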
Octoscan is a static vulnerability scanner for GitHub action workflows.
+- Octoscan is a static vulnerability scanner for GitHub action workflows. -
- -