--- # vi: ts=2 sw=2 et: # SPDX-License-Identifier: LGPL-2.1-or-later name: Scorecards supply-chain security on: # Only the default branch is supported. branch_protection_rule: schedule: - cron: '15 21 * * 6' push: branches: - main pull_request: branches: - main paths: - '.github/workflows/scorecards.yml' # Declare default permissions as read only. permissions: read-all jobs: analysis: name: Scorecards analysis if: github.repository == 'systemd/systemd' runs-on: ubuntu-24.04 permissions: id-token: write # Used to receive a badge. steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - name: Run analysis uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif publish_results: ${{ github.event_name != 'pull_request' }}