This commit is contained in:
laurentsimon
2021-12-29 23:02:46 +00:00
parent 48edda6aca
commit 07be376c3a
+6 -9
View File
@@ -29,16 +29,13 @@ jobs:
with:
results_file: results.sarif
results_format: sarif
# Read-only PAT token. To create it, follow the steps
# in https://github.com/ossf/scorecard-action/main#pat-token-creation
# Read-only PAT token. To create it,
# follow the steps in https://github.com/ossf/scorecard-action/blob/main#pat-token-creation.
repo_token: ${{ secrets.SCORECARD_TOKEN }}
# The Scorecard team runs a weekly scan of public GitHub repositories in order to track
# the overall security health of the open source ecosystem. The results are publicly
# available as described at https://github.com/ossf/scorecard#public-data.
# Setting `publish_results: true` replaces the results of the team's weelky scans,
# helping us scale by cutting down on repeated workflows and GitHub API requests.
# This option is needed to enable badges on the repo. If you're installing the action
# on a private repo, set it to `publish_results: false` or do not set the value at all.
# Publish the results to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action/blob/main#publishing-results.
# If you are installing the action on a private repo, set it to `publish_results: false`
# or do not set the value at all.
publish_results: true
# Upload the results as artifacts (optional).