Skip to content

chore: synced file(s) with cds-snc/site-reliability-engineering (#238) #18

chore: synced file(s) with cds-snc/site-reliability-engineering (#238)

chore: synced file(s) with cds-snc/site-reliability-engineering (#238) #18

name: Scorecards supply-chain security
on:
workflow_dispatch:
schedule:
# Weekly on Saturdays.
- cron: "30 1 * * 6"
push:
branches:
- main
permissions: read-all
jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@2dee8c185ea0de807198c818714b6f3436856709
with:
results_file: ossf-results.json
results_format: json
publish_results: false
- name: "Add metadata"
run: |
full_repo="${{ github.repository }}"
OWNER=${full_repo%/*}
REPO=${full_repo#*/}
jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
- name: "Post results to Sentinel"
uses: cds-snc/sentinel-forward-data-action@main
with:
file_name: ossf-results-modified.json
log_type: GitHubMetadata_OSSF_Scorecard
log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}