From: waynedunican
Date: Thu, 25 Sep 2025 09:09:29 +0000 (+0100)
Subject: Add OpenSSF Scorecard GHA
X-Git-Tag: 8.2.1~5
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F07%2F142107%2F3;p=policy%2Fclamp.git

Add OpenSSF Scorecard GHA

Issue-ID: POLICY-5456
Change-Id: If760d02a173fe401528bd660e746d780e3c6433d
Signed-off-by: waynedunican
---
diff --git a/.github/workflows/openssfscorecard.yaml b/.github/workflows/openssfscorecard.yaml
new file mode 100644
index 000000000..deccb006c
--- /dev/null
+++ b/.github/workflows/openssfscorecard.yaml
@@ -0,0 +1,54 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: 🔐 OpenSSF Scorecard
+# yamllint disable-line rule:truthy
+on:
+ workflow_dispatch:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: "50 4 * * 0"
+ push:
+ branches: ["main", "master"]
+ paths:
+ - "**"
+
+# Declare default permissions as none.
+permissions: {}
+
+jobs:
+ openssf-scorecard:
+ name: "OpenSSF Scorecard"
+ # yamllint disable-line rule:line-length
+ uses: lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml@8c3cf221da0e47955647647c9a254c1f807081ce # v0.2.18
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+ # Uncomment the permissions below if installing in a private repository.
+ # contents: read
+ # actions: read
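Review bot: The comment above `id-token: write`, `# Needed to publish results and get a badge (see publish_results below).`, refers to a `publish_results` setting that does not exist anywhere in this file; the job calls the reusable workflow with no `with:` block, so the text appears to be carried over from the upstream Scorecard template and now points at nothing. Reword it to `# Needed to publish results and get a badge (publishing is controlled by the reusable workflow).` or, if the reusable workflow exposes such an input, pass it explicitly under `with:` so the `id-token: write` grant is traceable to a visible setting. Separately, on the `push:` trigger `paths: - "**"` matches every file and adds nothing over the `branches:` filter; drop it, or narrow it if a real path filter was intended.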