authorGary Gregory <garydgregory@gmail.com>2022-10-23 15:39:38 -0400
committerGary Gregory <garydgregory@gmail.com>2022-10-23 15:39:38 -0400
commit972e017663452eca31838756ed391ce19bd3b6e2 (patch)
tree64ddb5086c60f982c9e6ff589afe361a9083cf76
parent3c4d92836ef16046ee3d52c2f5c656bff40f3433 (diff)
downloadapache-commons-io-972e017663452eca31838756ed391ce19bd3b6e2.tar.gz
Bump Scorecards from 1 to 2
-rw-r--r--.github/workflows/scorecards-analysis.yml10
1 files changed, 6 insertions, 4 deletions
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index fd03907c..c8b4c85c 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -31,19 +31,21 @@ jobs:
name: "Scorecards analysis"
runs-on: ubuntu-latest
permissions:
- security-events: write # Needed to upload the results to the code-scanning dashboard.
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
actions: read
- contents: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
steps:
- name: "Checkout code"
- uses: actions/checkout@v3.1.0 # 3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # 1.1.2
+ uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # 2.0.6
with:
results_file: results.sarif
results_format: sarif
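Review bot: The new `id-token: write` entry in the `permissions:` block is granted to the whole job, so every step in it can request an OIDC token, yet its comment ("This is required for requesting the JWT") does not say which step needs the token or why. As far as I know, scorecard-action v2 only uses that token when `publish_results: true` is set, and that setting is not visible in this hunk (the `with:` block and the remaining steps continue outside it); if results are not published, the permission can be dropped again. If it stays, I would make the comment specific, for example `id-token: write # OIDC token used by ossf/scorecard-action to publish results`. It is also worth confirming that every other `uses:` step in this job is pinned to a full commit SHA, as the two steps shown here are, so that nothing unpinned inherits the grant.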