Skip to content

Merge pull request #260 from cds-snc/repo-sync/site-reliability-engin… #91

Merge pull request #260 from cds-snc/repo-sync/site-reliability-engin…

Merge pull request #260 from cds-snc/repo-sync/site-reliability-engin… #91

name: Scorecards supply-chain security
on:
workflow_dispatch:
schedule:
# Weekly on Saturdays.
- cron: "30 1 * * 6"
push:
branches:
- main
permissions: read-all
jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@75cb7af1033cfb77c9fc7d8abc30420008f558f4
with:
results_file: ossf-results.json
results_format: json
publish_results: false
- name: "Add metadata"
run: |
full_repo="${{ github.repository }}"
OWNER=${full_repo%/*}
REPO=${full_repo#*/}
jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
- name: "Post results to Sentinel"
uses: cds-snc/sentinel-forward-data-action@main
with:
file_name: ossf-results-modified.json
log_type: GitHubMetadata_OSSF_Scorecard
log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}