kc3-lang/libevent/.github/workflows/scorecard.yml

Branch : - branch - master - tag - release-1.1b release-1.4.0-beta release-1.4.1-beta release-1.4.10-stable release-1.4.11-stable release-1.4.12-stable release-1.4.13-stable release-1.4.14-stable release-1.4.14b-stable release-1.4.15-stable release-1.4.2-rc release-1.4.3-stable release-1.4.4-stable release-1.4.5-stable release-1.4.6 release-1.4.7-stable release-1.4.8-stable release-1.4.9-stable release-2.0.1-alpha release-2.0.10-stable release-2.0.11-stable release-2.0.12-stable release-2.0.13-stable release-2.0.14-stable release-2.0.15-stable release-2.0.16-stable release-2.0.17-stable release-2.0.18-stable release-2.0.19-stable release-2.0.20-stable release-2.0.21-stable release-2.0.22-stable release-2.0.23-beta release-2.0.3-alpha release-2.0.4-alpha release-2.0.5-beta release-2.0.6-rc release-2.0.7-rc release-2.0.8-rc release-2.0.9-rc release-2.1.1-alpha release-2.1.10-stable release-2.1.11-stable release-2.1.12-stable release-2.1.2-alpha release-2.1.3-alpha release-2.1.4-alpha release-2.1.5-beta release-2.1.6-beta release-2.1.7-rc release-2.1.8-stable release-2.1.9-beta release-2.2.1-alpha

• Show log

  Commit

• Author : dependabot[bot]
  Date : 2025-02-01 14:09:10
  Hash : c4ea8028
  Message : build(deps): bump the github-actions group across 1 directory with 2 updates Bumps the github-actions group with 2 updates in the / directory: [coverallsapp/github-action](https://github.com/coverallsapp/github-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `coverallsapp/github-action` from 2.3.4 to 2.3.6 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](https://github.com/coverallsapp/github-action/compare/cfd0633edbd2411b532b808ba7a8b5e04f76d2c8...648a8eb78e6d50909eff900e4ec85cab4524a45b) Updates `github/codeql-action` from 3.27.5 to 3.28.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f09c1c0a94de965c15400f5634aa42fac8fb8f88...dd746615b3b9d728a6a37ca2045b68ca76d4841a) --- updated-dependencies: - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

• .github/workflows/scorecard.yml

• name: Scorecard supply-chain security
  on:
    # For Branch-Protection check. Only the default branch is supported. See
    # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
    branch_protection_rule:
    # To guarantee Maintained check is occasionally updated. See
    # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
    schedule:
      - cron: '38 3 * * 5'
    push:
      branches: [ "master" ]
  
  # Declare default permissions as read only.
  permissions: read-all
  
  jobs:
    analysis:
      name: Scorecard analysis
      runs-on: ubuntu-latest
      permissions:
        # Needed to upload the results to code-scanning dashboard.
        security-events: write
        # Needed to publish results and get a badge (see publish_results below).
        id-token: write
  
      steps:
        - name: "Checkout code"
          uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
          with:
            persist-credentials: false
  
        - name: "Run analysis"
          uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
          with:
            results_file: results.sarif
            results_format: sarif
  
            # Publish results to OpenSSF REST API for easy access by consumers and allows the repository to include the Scorecard badge.
            # See https://github.com/ossf/scorecard-action#publishing-results
            publish_results: true
  
        # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
        # format to the repository Actions tab.
        - name: "Upload artifact"
          uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
          with:
            name: SARIF file
            path: results.sarif
            retention-days: 5
  
        # Upload the results to GitHub's code scanning dashboard.
        - name: "Upload to code-scanning"
          uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
          with:
            sarif_file: results.sarif