-
Notifications
You must be signed in to change notification settings - Fork 3
36 lines (33 loc) · 973 Bytes
/
scorecard.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '30 1 * * 6'
push:
branches: ["main"]
# Declare default permissions as read only.
permissions: read-all
jobs:
validate:
permissions:
actions: read
attestations: read
checks: read
contents: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write
uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@f0164622ffc2007e96a0e1deaa3f5064db04b148 # v1.1.0
secrets: inherit