From ecac696f10013c36400aae269da3706366776d68 Mon Sep 17 00:00:00 2001
From: lelia <le1ia@me.com>
Date: Wed, 26 Jun 2024 19:16:33 -0400
Subject: [PATCH] .github: Add Scorecard workflow (#65)

---
 .github/workflows/scorecard.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/scorecard.yml

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000000..532cc5c869
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,29 @@
+name: scorecard
+
+on:
+  push:
+    branches:
+      # Run on pushes to default branch
+      - main
+  schedule:
+    # Run weekly on Saturdays
+    - cron: "30 1 * * 6"
+  # Run when branch protection rules change
+  branch_protection_rule:
+  # Run the workflow manually
+  workflow_dispatch:
+
+# Declare default permissions as read-only
+permissions: read-all
+
+jobs:
+  run-scorecard:
+    # Call reusable workflow file
+    uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
+    permissions:
+      id-token: write
+      security-events: write
+    secrets: inherit
+    with:
+      # Publish results of Scorecard analysis
+      publish-results: true