Skip to content
Scorecards supply-chain security

chore(main): release 10.0.0-uds.1 (#143) #140

Sign in to view logs

chore(main): release 10.0.0-uds.1 (#143)

chore(main): release 10.0.0-uds.1 (#143) #140

Workflow file for this run

.github/workflows/scorecard.yaml at 8d3843a
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '30 1 * * 6'
push:
branches: ["main"]
# Declare default permissions as read only.
permissions: read-all
jobs:
validate:

Check failure on line 14 in .github/workflows/scorecard.yaml

View workflow run for this annotation

GitHub Actions / Scorecards supply-chain security

Invalid workflow file 

The workflow is not valid. .github/workflows/scorecard.yaml (Line: 14, Col: 3): Error calling workflow 'defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@86886015d1edc43036b3dd000fbd972a384beb8f'. The workflow is requesting 'actions: read, attestations: read, checks: read, contents: read, deployments: read, discussions: read, issues: read, packages: read, pages: read, pull-requests: read, repository-projects: read, statuses: read', but is only allowed 'actions: none, attestations: none, checks: none, co[...]
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write
uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
secrets: inherit