From 48edda6acad5d9b718bedba3c63e8198f1f7c08f Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Wed, 29 Dec 2021 22:56:18 +0000 Subject: [PATCH] reduce text --- code-scanning/scorecards.yml | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index c8f9993..a647577 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -29,23 +29,8 @@ jobs: with: results_file: results.sarif results_format: sarif - # For the token, - # 1. Create a PAT token at https://github.com/settings/tokens/new - # with the following read permissions: - # - Note: OSSF Scorecard read-only token - # - Expiration: No expiration - # - Scopes: - # * repo > public_repo - # * admin:org > read:org - # * admin:repo_hook > read:repo_hook - # * write:discussion > read:discussion - # - # Create and copy the token. - # - # 2. Create a new repository secret at https://github.com///settings/secrets/actions/new - # with the following settings: - # - Name: SCORECARD_TOKEN - # - Value: the value of the token created in step 1 above. + # Read-only PAT token. To create it, follow the steps + # in https://github.com/ossf/scorecard-action/main#pat-token-creation repo_token: ${{ secrets.SCORECARD_TOKEN }} # The Scorecard team runs a weekly scan of public GitHub repositories in order to track # the overall security health of the open source ecosystem. The results are publicly @@ -56,9 +41,7 @@ jobs: # on a private repo, set it to `publish_results: false` or do not set the value at all. publish_results: true - # Upload the results as artifacts. - # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts - # This is optional. + # Upload the results as artifacts (optional). - name: "Upload artifact" uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 with: @@ -67,7 +50,6 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - # This is required to visualize the results on GitHub website. - name: "Upload to code-scanning" uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 with: