otpauth/.github/workflows/scorecard.yml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Scorecard security analysis"

on:
  push:
    branches: ["master"]
  schedule:
    - cron: "25 10 * * 3"
  workflow_dispatch:

permissions: {}

jobs:
  analyze:
    name: "Scorecard security analysis"
    runs-on: "ubuntu-latest"
    permissions:
      actions: "read"
      contents: "read"
      security-events: "write"
    steps:
      - name: "Checkout"
        uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8"
      - name: "Perform security analysis"
        uses: "ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a"
        with:
          results_file: "./results.sarif"
          results_format: "sarif"
          repo_token: "${{ secrets.GITHUB_TOKEN }}"
          publish_results: false
      - name: "Upload SARIF file"
        uses: "github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5"
        with:
          sarif_file: "./results.sarif"