diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index 8b2346a..ba42ef0 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -17,6 +17,8 @@ jobs: permissions: # Needed to upload the results to code-scanning dashboard. security-events: write + actions: read + contents: read steps: - name: "Checkout code" @@ -34,8 +36,8 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} # Publish the results to enable scorecard badges. For more details, see # https://github.com/ossf/scorecard-action#publishing-results. - # If you are installing the action on a private repo, set it to `publish_results: false` - # or comment out the following line. + # Note: for private repositories, the value of `publish_results` set here + # is ignored and defaults to false. publish_results: true # Upload the results as artifacts (optional).