Small update to scorecard.yml
Signed-off-by: Jauder Ho <jauderho@users.noreply.github.com>
jauderho committed May 14, 2024
1 parent 5c8b197 commit b13847a
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions .github/workflows/scorecard.yml
Expand Up @@ -28,19 +28,22 @@ jobs:
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1
with:
disable-sudo: true
egress-policy: audit
disable-telemetry: false
egress-policy: block
disable-telemetry: true
allowed-endpoints:
api.github.com:443
api.osv.dev:443
api.scorecard.dev:443
api.securityscorecards.dev:443
bestpractices.coreinfrastructure.org:443
codeload.github.com:443
fulcio.sigstore.dev:443
github.com:443
fulcio.sigstore.dev:443
oauth2.sigstore.dev:443
oss-fuzz-build-logs.storage.googleapis.com:443
rekor.sigstore.dev:443
sigstore-tuf-root.storage.googleapis.com:443
tuf-repo-cdn.sigstore.dev:443

- name: "Checkout code"
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v2.4.0
Expand All @@ -54,8 +57,8 @@ jobs:
results_format: sarif
# Read-only PAT token. To create it,
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
#repo_token: ${{ secrets.SCORECARD_TOKEN }}
repo_token: ${{ secrets.GITHUB_TOKEN }}
repo_token: ${{ secrets.SCORECARD_TOKEN }}
#repo_token: ${{ secrets.GITHUB_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
Expand All @@ -73,6 +76,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a
uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6
with:
sarif_file: results.sarif
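Review bot: Switching `repo_token` to `${{ secrets.SCORECARD_TOKEN }}` (hunk `-54,8 +57,8`) replaces the job-scoped, short-lived GITHUB_TOKEN with a long-lived user PAT, and wherever that secret is not configured (a fork, or a run context without repository secrets) the expression expands to an empty string, so the scorecard step will presumably fail rather than degrade. If the PAT is only needed for the checks that GITHUB_TOKEN cannot satisfy, a fallback keeps the job working elsewhere: `repo_token: ${{ secrets.SCORECARD_TOKEN || secrets.GITHUB_TOKEN }}`; in either case the comment above it should record what the PAT is for and how it is constrained, e.g. `# Read-only PAT (fine-grained, repo read-only, with an expiry) — only needed for checks GITHUB_TOKEN cannot perform; rotate on expiry.` In the last hunk the new `upload-sarif` SHA carries no `# vX.Y.Z` comment, unlike the other pinned actions in this file, so the pin cannot be checked against a release and pin-aware updaters will skip it; add the release the commit corresponds to as a trailing comment.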
