We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 46b788f commit 606b60cCopy full SHA for 606b60c
1 file changed
.github/workflows/scorecard.yml
@@ -7,14 +7,16 @@ on:
7
schedule:
8
- cron: "45 3 * * 2"
9
10
-permissions:
11
- contents: read
12
- security-events: write
13
- id-token: write
+permissions: read-all
14
15
jobs:
16
scorecard:
17
runs-on: ubuntu-latest
+ permissions:
+ # Required for uploading Scorecard SARIF to code scanning.
+ security-events: write
18
+ # Required for publishing signed Scorecard results to api.scorecard.dev.
19
+ id-token: write
20
steps:
21
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
22
with:
0 commit comments