kc3-lang/libevent/.github/workflows/scorecard.yml

Branch : - branch - master - tag - release-1.1b release-1.4.0-beta release-1.4.1-beta release-1.4.10-stable release-1.4.11-stable release-1.4.12-stable release-1.4.13-stable release-1.4.14-stable release-1.4.14b-stable release-1.4.15-stable release-1.4.2-rc release-1.4.3-stable release-1.4.4-stable release-1.4.5-stable release-1.4.6 release-1.4.7-stable release-1.4.8-stable release-1.4.9-stable release-2.0.1-alpha release-2.0.10-stable release-2.0.11-stable release-2.0.12-stable release-2.0.13-stable release-2.0.14-stable release-2.0.15-stable release-2.0.16-stable release-2.0.17-stable release-2.0.18-stable release-2.0.19-stable release-2.0.20-stable release-2.0.21-stable release-2.0.22-stable release-2.0.23-beta release-2.0.3-alpha release-2.0.4-alpha release-2.0.5-beta release-2.0.6-rc release-2.0.7-rc release-2.0.8-rc release-2.0.9-rc release-2.1.1-alpha release-2.1.10-stable release-2.1.11-stable release-2.1.12-stable release-2.1.2-alpha release-2.1.3-alpha release-2.1.4-alpha release-2.1.5-beta release-2.1.6-beta release-2.1.7-rc release-2.1.8-stable release-2.1.9-beta release-2.2.1-alpha

• Show log

  Commit

• Author : dependabot[bot]
  Date : 2024-04-15 07:41:48
  Hash : e0a4574b
  Message : Bump the github-actions group with 5 updates Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `3` | `4` | | [nick-fields/retry](https://github.com/nick-fields/retry) | `2` | `3` | | [coverallsapp/github-action](https://github.com/coverallsapp/github-action) | `1.2.5` | `2.2.3` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.1.2` | `2.3.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.2.4` | `3.24.10` | Updates `actions/cache` from 3 to 4 - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v3...v4) Updates `nick-fields/retry` from 2 to 3 - [Release notes](https://github.com/nick-fields/retry/releases) - [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js) - [Commits](https://github.com/nick-fields/retry/compare/v2...v3) Updates `coverallsapp/github-action` from 1.2.5 to 2.2.3 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Upgrade guide](https://github.com/coverallsapp/github-action/blob/main/UPGRADE.md) - [Commits](https://github.com/coverallsapp/github-action/compare/09b709cf6a16e30b0808ba050c7a6e8a5ef13f8d...3dfc5567390f6fa9267c0ee9c251e4c8c3f18949) Updates `ossf/scorecard-action` from 2.1.2 to 2.3.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...0864cf19026789058feabb7e87baa5f140aac736) Updates `github/codeql-action` from 2.2.4 to 3.24.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/17573ee1cc1b9d061760f3a006fc4aac4f944fd5...4355270be187e1b672a7a1c7c7bae5afdc1ab94a) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: nick-fields/retry dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

• .github/workflows/scorecard.yml

• name: Scorecard supply-chain security
  on:
    # For Branch-Protection check. Only the default branch is supported. See
    # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
    branch_protection_rule:
    # To guarantee Maintained check is occasionally updated. See
    # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
    schedule:
      - cron: '38 3 * * 5'
    push:
      branches: [ "master" ]
  
  # Declare default permissions as read only.
  permissions: read-all
  
  jobs:
    analysis:
      name: Scorecard analysis
      runs-on: ubuntu-latest
      permissions:
        # Needed to upload the results to code-scanning dashboard.
        security-events: write
        # Needed to publish results and get a badge (see publish_results below).
        id-token: write
  
      steps:
        - name: "Checkout code"
          uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
          with:
            persist-credentials: false
  
        - name: "Run analysis"
          uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
          with:
            results_file: results.sarif
            results_format: sarif
  
            # Publish results to OpenSSF REST API for easy access by consumers and allows the repository to include the Scorecard badge.
            # See https://github.com/ossf/scorecard-action#publishing-results
            publish_results: true
  
        # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
        # format to the repository Actions tab.
        - name: "Upload artifact"
          uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
          with:
            name: SARIF file
            path: results.sarif
            retention-days: 5
  
        # Upload the results to GitHub's code scanning dashboard.
        - name: "Upload to code-scanning"
          uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
          with:
            sarif_file: results.sarif