
Commit da9bfe2

chore: synced local '.github/workflows/ossf-scorecard.yml' with remote 'tools/sre_file_sync/ossf-scorecard.yml'
1 parent ecbc566 commit da9bfe2

1 file changed

Lines changed: 14 additions & 4 deletions


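--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -9,6 +9,7 @@ on:
 - main
 
 permissions:
+id-token: write
 contents: read
 issues: read
 pull-requests: read
@@ -21,6 +22,13 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
+- name: "Audit DNS requests"
+uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+env:
+DNS_PROXY_FORWARDTOSENTINEL: "true"
+DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+
 - name: "Checkout code"
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
@@ -41,9 +49,11 @@ jobs:
 jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
 
 - name: "Post results to Sentinel"
-uses: cds-snc/sentinel-forward-data-action@01db4a9203054ecdb60ff368c3cdfca71d62e85f
+uses: cds-snc/sentinel-forward-data-action@2b0831903177e4ba07c850c71ab2645f72cab269
 with:
 file_name: ossf-results-modified.json
-log_type: GitHubMetadata_OSSF_Scorecard
-log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
-log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+dce_endpoint: ${{ secrets.SENTINEL_DCE_ENDPOINT }}
+dcr_rule_id: ${{ secrets.SENTINEL_DCR_RULE_ID_OSSF }}
+stream_name: ${{ secrets.SENTINEL_STREAM_NAME_OSSF }}
+azure_client_id: ${{ secrets.SENTINEL_V2_AZURE_CLIENT_ID }}
+azure_tenant_id: ${{ secrets.SENTINEL_V2_AZURE_TENANT_ID }}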
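Review bot: `id-token: write` in the first hunk appears to land in the workflow-level `permissions:` block (indentation is lost on this page, but it sits between `on:` and `jobs:`), which grants OIDC token minting to every job in the workflow rather than only to the job that runs "Post results to Sentinel". Consider moving it to a job-level `permissions:` block on that job; a job-level block replaces the workflow-level one, so the read scopes the job relies on have to be repeated there. Separately, the third hunk takes the forwarder off `LOG_ANALYTICS_WORKSPACE_KEY`, but the new "Audit DNS requests" step in the second hunk passes that same shared key as `DNS_PROXY_LOGANALYTICSSHAREDKEY`, so the long-lived key stays in use and cannot be retired with this change. The new `cds-snc/sentinel-forward-data-action@2b08…` pin also has no trailing version comment like the `# v1.0.2` and `# v4.2.2` on the other pinned actions, which makes the SHA harder to audit. Since the file is synced from `tools/sre_file_sync/ossf-scorecard.yml`, any of these would need to be changed in that template rather than here.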
