kyverno/.github/workflows/scorecard.yaml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Scorecards supply-chain security

permissions: {}

on:
  schedule:
    - cron: '30 1 * * 6'
  push:
    branches:
      - main

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analysis:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          persist-credentials: false
      - name: Run analysis
        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
          publish_results: true
      - name: Upload artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
        with:
          sarif_file: results.sarif
chore: configure gh workflows schemas (#9535) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-01-27 23:32:42 +01:00			`# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`name: Scorecards supply-chain security`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00
fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-30 13:44:57 +02:00			`permissions: {}`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`on:`
			`schedule:`
			`- cron: '30 1 * * 6'`
			`push:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`branches:`
			`- main`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30
chore: add missing gh workflow concurrency statements (#5914) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-06 16:24:55 +01:00			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`jobs:`
			`analysis:`
			`runs-on: ubuntu-latest`
			`permissions:`
			`security-events: write`
			`id-token: write`
			`steps:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Checkout`
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#10447) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-06-13 22:40:59 +00:00			`uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`persist-credentials: false`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Run analysis`
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#10742) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-07-29 16:18:20 +00:00			`uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`results_file: results.sarif`
			`results_format: sarif`
			`repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}`
			`publish_results: true`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload artifact`
chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#8303) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...a8a3f3ad30e3422c9c7b888a15615d19a852ae32) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-09-07 10:05:24 +00:00			`uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`name: SARIF file`
			`path: results.sarif`
			`retention-days: 5`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload to code-scanning`
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#10961) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.5 to 3.26.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-08-30 17:23:54 +00:00			`uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`sarif_file: results.sarif`