kyverno/.github/workflows/scorecard.yaml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Scorecards supply-chain security

permissions: {}

on:
  schedule:
    - cron: '30 1 * * 6'
  push:
    branches:
      - main

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analysis:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Run analysis
        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
          publish_results: true
      - name: Upload artifact
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
        with:
          sarif_file: results.sarif
chore: configure gh workflows schemas (#9535) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-01-27 23:32:42 +01:00			`# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`name: Scorecards supply-chain security`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00
fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-30 13:44:57 +02:00			`permissions: {}`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`on:`
			`schedule:`
			`- cron: '30 1 * * 6'`
			`push:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`branches:`
			`- main`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30
chore: add missing gh workflow concurrency statements (#5914) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-06 16:24:55 +01:00			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`jobs:`
			`analysis:`
			`runs-on: ubuntu-latest`
			`permissions:`
			`security-events: write`
			`id-token: write`
			`steps:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Checkout`
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#11464) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-10-24 09:42:17 +00:00			`uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`persist-credentials: false`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Run analysis`
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#10742) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-07-29 16:18:20 +00:00			`uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`results_file: results.sarif`
			`results_format: sarif`
			`repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}`
			`publish_results: true`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload artifact`
chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (#11783) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-12-18 11:00:14 +00:00			`uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`name: SARIF file`
			`path: results.sarif`
			`retention-days: 5`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload to code-scanning`
chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9 (#11757) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.7 to 3.27.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/babb554ede22fd5605947329c4d04d8e7a0b8155...df409f7d9260372bd5f19e5b04e83cb3c43714ae) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-12-13 08:45:36 +00:00			`uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`sarif_file: results.sarif`