This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-collections.git
The following commit(s) were added to refs/heads/master by this push:
new a86881573 Bump Scorecards from 1 to 2
a86881573 is described below
commit a8688157322ea0a8a9c45df51acf8c679a9557e1
Author: Gary Gregory <[email protected]>
AuthorDate: Sun Oct 23 15:35:51 2022 -0400
Bump Scorecards from 1 to 2
---
.github/workflows/scorecards-analysis.yml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/scorecards-analysis.yml
b/.github/workflows/scorecards-analysis.yml
index fd03907cd..c8b4c85cc 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -31,19 +31,21 @@ jobs:
name: "Scorecards analysis"
runs-on: ubuntu-latest
permissions:
- security-events: write # Needed to upload the results to the
code-scanning dashboard.
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
actions: read
- contents: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
steps:
- name: "Checkout code"
- uses: actions/[email protected] # 3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #
3.1.0
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564
# 1.1.2
+ uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d
# 2.0.6
with:
results_file: results.sarif
results_format: sarif
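Review bot: The comment on the new `id-token: write` permission, `# This is required for requesting the JWT`, does not say which step requests the token or what it is used for, although this is the one security-relevant change in the hunk. I would write it as `# Needed by ossf/scorecard-action v2 to request the GitHub OIDC token (JWT) used when publishing results`, placed on its own line above the key like the `security-events` comment, so that all three permission comments follow one style. Job-level permissions apply to every step, so any action in this job can request that token; the full-SHA pins on `actions/checkout` and `ossf/scorecard-action` are what limit that exposure, and the steps later in the job, which are not visible here, should presumably be pinned the same way. The job definition starts before and continues after this hunk.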