From b94910654a54b9409c7d8a6c5d7f8d0bf2253178 Mon Sep 17 00:00:00 2001
From: Azeem Shaikh
Date: Thu, 28 Jul 2022 03:44:43 -0400
Subject: [PATCH] Enable Scorecard badge (#706)
Signed-off-by: Azeem Shaikh
Co-authored-by: Azeem Shaikh
---
 .github/workflows/scorecard_action.yml | 4 ++--
 README.md | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/scorecard_action.yml b/.github/workflows/scorecard_action.yml
index d4dc2798a..29be5875d 100644
--- a/.github/workflows/scorecard_action.yml
+++ b/.github/workflows/scorecard_action.yml
@@ -20,7 +20,7 @@ jobs:
 security-events: write
 actions: read
 contents: read
-
+ id-token: write
 steps:
 - name: "Checkout code"
 uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3
@@ -28,7 +28,7 @@ jobs:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # v1.1.2
+ uses: ossf/scorecard-action@3155d134e59d8f47261b1ae9d143034c69572227 # v2.0.0-beta.1
 with:
 results_file: results.sarif
 results_format: sarif
diff --git a/README.md b/README.md
index dafd31f27..5ea70b0b2 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/sigstore/fulcio/badge)](https://api.securityscorecards.dev/projects/github.com/sigstore/fulcio)
+
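Review bot: The `id-token: write` line added to the `permissions` block in the first hunk carries no comment explaining why the job needs it, and it is the one grant in this list that lets a step request a GitHub OIDC token for the workflow's identity. I would add a trailing comment such as `id-token: write  # lets scorecard-action authenticate when publishing results for the badge`, so a later reviewer can tell the grant is intentional and can drop it if publishing is ever turned off. That purpose is inferred from the commit title and the README badge; whether results are actually published depends on the action's `publish_results` input, which is not visible because the `with:` block continues past the second hunk. The permissions block starts above this hunk and appears to be job-scoped under `jobs:`, which is the right place to keep this grant rather than at workflow level.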

Fulcio logo