This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-dbutils.git
The following commit(s) were added to refs/heads/master by this push: new 8471c14 Bump Scorecards from 1 to 2 8471c14 is described below commit 8471c148799a0be5f4de22d15d5006023a96ec3c Author: Gary Gregory <garydgreg...@gmail.com> AuthorDate: Sun Oct 23 15:38:09 2022 -0400 Bump Scorecards from 1 to 2
---
 .github/workflows/scorecards-analysis.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index abd6992..c8b4c85 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -31,19 +31,21 @@ jobs:
 name: "Scorecards analysis"
 runs-on: ubuntu-latest
 permissions:
- security-events: write # Needed to upload the results to the code-scanning dashboard.
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
 actions: read
- contents: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
 steps:
 - name: "Checkout code"
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # 3.1.0
 with:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # 1.1.2
+ uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # 2.0.6
 with:
 results_file: results.sarif
 results_format: sarif
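Review bot: The added `id-token: write` in the job's `permissions:` block lets every step of this job request a GitHub OIDC token, and its comment `# This is required for requesting the JWT` names neither the step that needs the token nor the reason. As far as I know scorecard-action v2 requests the token only when `publish_results: true` is set, and the `with:` block of the "Run analysis" step continues outside the hunk, so that setting cannot be checked here. If results are published, I would write the comment as `# Needed by ossf/scorecard-action to publish results (publish_results: true)`; if they are not, drop the line so the job keeps only the scopes it uses.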