From 6ffa90f7525c2b071063da867896fe891a34ec4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tarmo=20Lepp=C3=A4nen?= Date: Fri, 25 Jul 2025 13:33:05 +0300 Subject: [PATCH 1/4] Chore(ci): Update scorecard-action to version 2.4.2 --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 245fcf667..7f6ba7396 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,7 +40,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@v2 + uses: ossf/scorecard-action@v2.4.2 with: results_file: results.sarif results_format: sarif From 8100dec6b35c6ceaaba782cd9c4867c1a421b5f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tarmo=20Lepp=C3=A4nen?= Date: Fri, 25 Jul 2025 13:36:41 +0300 Subject: [PATCH 2/4] Chore(ci): comment out push trigger in scorecard configuration --- .github/workflows/scorecard.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7f6ba7396..bc4ee112c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -14,8 +14,8 @@ on: schedule: # 09:29 UTC every Friday - cron: '29 9 * * 5' - push: - branches: [ "master" ] + #push: + # branches: [ "master" ] # Declare default permissions as read only. permissions: read-all From c1dc8a0e02d2241554e7d0bdb2f9f2181ace584c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tarmo=20Lepp=C3=A4nen?= Date: Fri, 25 Jul 2025 13:40:39 +0300 Subject: [PATCH 3/4] Chore(ci): comment out branch protection rule in scorecard configuration --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bc4ee112c..2d26a1a98 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -8,7 +8,7 @@ on: workflow_dispatch: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: + #branch_protection_rule: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: From 6ad4ba6152773e40bcc788f6497d971173180fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tarmo=20Lepp=C3=A4nen?= Date: Fri, 25 Jul 2025 13:42:46 +0300 Subject: [PATCH 4/4] Chore(ci): enable branch protection rule and push trigger in scorecard configuration --- .github/workflows/scorecard.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2d26a1a98..7f6ba7396 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -8,14 +8,14 @@ on: workflow_dispatch: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - #branch_protection_rule: + branch_protection_rule: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: # 09:29 UTC every Friday - cron: '29 9 * * 5' - #push: - # branches: [ "master" ] + push: + branches: [ "master" ] # Declare default permissions as read only. permissions: read-all