From 07be376c3a753560b12712d3e1c614031a2cf117 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Wed, 29 Dec 2021 23:02:46 +0000 Subject: [PATCH] updates --- code-scanning/scorecards.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index a647577..b9efa21 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -29,16 +29,13 @@ jobs: with: results_file: results.sarif results_format: sarif - # Read-only PAT token. To create it, follow the steps - # in https://github.com/ossf/scorecard-action/main#pat-token-creation + # Read-only PAT token. To create it, + # follow the steps in https://github.com/ossf/scorecard-action/blob/main#pat-token-creation. repo_token: ${{ secrets.SCORECARD_TOKEN }} - # The Scorecard team runs a weekly scan of public GitHub repositories in order to track - # the overall security health of the open source ecosystem. The results are publicly - # available as described at https://github.com/ossf/scorecard#public-data. - # Setting `publish_results: true` replaces the results of the team's weelky scans, - # helping us scale by cutting down on repeated workflows and GitHub API requests. - # This option is needed to enable badges on the repo. If you're installing the action - # on a private repo, set it to `publish_results: false` or do not set the value at all. + # Publish the results to enable scorecard badges. For more details, see + # https://github.com/ossf/scorecard-action/blob/main#publishing-results. + # If you are installing the action on a private repo, set it to `publish_results: false` + # or do not set the value at all. publish_results: true # Upload the results as artifacts (optional).