Skip to content

Scorecards supply-chain security #86

Scorecards supply-chain security

Scorecards supply-chain security #86

Workflow file for this run

# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '30 1 * * 6'
push:
branches: ["main"]
# Declare default permissions as read only.
permissions: read-all
jobs:
validate:
permissions:
actions: read
attestations: read
checks: read
contents: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write
uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@2a5e66fceb5c506008d5f69f42abcf38ccf86b44 # v1.2.0
secrets: inherit