iris/kaizen
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
55f3024dc9f206862ed3f328e8a1ffc91f7e19d2
kaizen/.github/workflows/scorecards.yml
irisz64 55f3024dc9 Squashed 'external/json/' changes from 60c48755e..55f93686c 
55f93686c Merge branch 'release/3.12.0'
34e46d76d 🔖 set version to 3.12.0
00ecc7ed7 ⬆️ Bump github/codeql-action from 3.28.13 to 3.28.14 (#4726)
4424a0fcc 📝 update documentation (#4723)
11aa5f944 Make std::filesystem::path conversion to/from UTF-8 encoded string explicit (#4631)
79587f896 ⬆️ Bump mkdocs-material from 9.6.10 to 9.6.11 in /docs/mkdocs (#4715)
b67f8644e ⬆️ Bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#4716)
71884486d ⬆️ Bump step-security/harden-runner from 2.11.0 to 2.11.1 (#4718)
9ef496738 ⬆️ Bump cpplint from 2.0.0 to 2.0.1 in /cmake/requirements (#4719)
9f40a7b45 ⬆️ Bump mkdocs-material from 9.6.9 to 9.6.10 in /docs/mkdocs (#4711)
d41ca94fa Adjust CMake minimal version (#4709)
3a5703931 ⬆️ Bump cppcheck from 1.4.8 to 1.5.0 in /cmake/requirements (#4698)
4d216e0c3 ⬆️ Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#4700)
f971dd770 ⬆️ Bump github/codeql-action from 3.28.11 to 3.28.13 (#4707)
cd92c09c1 tests: Fix ignored attributes warning during build (#4670)
b477d2b95 Suppress clang-analyzer-webkit.NoUncountedMemberChecker (#4701)
11a835df8 ⬆️ Bump cppcheck from 1.4.7 to 1.4.8 in /cmake/requirements (#4697)
b592b6f2d ⬆️ Bump mkdocs-material from 9.6.8 to 9.6.9 in /docs/mkdocs (#4695)
e2c95baef ⬆️ Bump mkdocs-git-revision-date-localized-plugin (#4689)
7abcb5e9a fixes issue 4691 (#4693)
5474b2227 ⬆️ Bump mkdocs-material from 9.6.5 to 9.6.8 in /docs/mkdocs (#4688)
6e684350b ⬆️ Bump github/codeql-action from 3.28.10 to 3.28.11 (#4683)
f506d8acc ⬆️ Bump jinja2 from 3.1.5 to 3.1.6 in /tools/generate_natvis (#4680)
34665ae64 Correct typo in sax_interface.md (#4679)
f3dc4684b ⬆️ Bump github/codeql-action from 3.28.9 to 3.28.10 (#4661)
0b938993e ⬆️ Bump lukka/get-cmake from 3.31.5 to 3.31.6 (#4668)
543d8e417 ⬆️ Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#4665)
f2e494686 ⬆️ Bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#4664)
8215dbafb ⬆️ Bump mkdocs-material from 9.6.4 to 9.6.5 in /docs/mkdocs (#4659)
a3143f5f2 ⬆️ Bump step-security/harden-runner from 2.10.4 to 2.11.0 (#4652)
0b6881a95 Add regression test for #3810 (#4608)
a43350c4e Remove wsjcpp package manager (#4623)
8fb5d6f92 Some documentation updates (#4636)
2dc82053d ⬆️ Bump mkdocs-material from 9.5.50 to 9.6.4 in /docs/mkdocs (#4648)
bf6b1e2f4 ⬆️ Bump github/codeql-action from 3.28.6 to 3.28.9 (#4646)
606b6347e ⬆️ Bump coverallsapp/github-action from 2.3.4 to 2.3.6 (#4634)
c7d949f9f ⬆️ Bump github/codeql-action from 3.28.4 to 3.28.6 (#4635)
e90c860d5 Add note on derived return type for value function (#4628)
d0789e365 Bump lukka/get-cmake from 3.31.4 to 3.31.5 (#4625)
97dd60c22 Bump github/codeql-action from 3.28.3 to 3.28.4 (#4624)
666d06144 Bump github/codeql-action from 3.28.2 to 3.28.3 (#4620)
bf8ccc20e fix compilation issue (#4613)
786c5040e Bump github/codeql-action from 3.28.1 to 3.28.2 (#4617)
bd4fea39e Bump actions/stale from 9.0.0 to 9.1.0 (#4616)
8c7dcd3b4 Bump step-security/harden-runner from 2.10.3 to 2.10.4 (#4614)
b23cdeac2 Bump mkdocs-material from 9.5.49 to 9.5.50 in /docs/mkdocs (#4615)
1b813519c Add VisionOS support to Swift Package Manager Package.swift definition file (#4611)
f06604fce Bump the copyright years (#4606)
d23291ba2 use diagnostic positions in exceptions (#4585)
0f9e6ae09 Fix broken links (#4605)
8a882f32e Generate template functions with NLOHMANN_DEFINE_TYPE macros (#4597)
bdb8d2b7b Serialize empty tuple into '[]'  instead of null (#4594)
e72046ef9 Bump step-security/harden-runner from 2.10.2 to 2.10.3 (#4604)
4a0081a1c Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#4603)
52b261421 Bump srvaroa/labeler (#4602)
f74e5c6a5 Bump github/codeql-action from 3.27.9 to 3.28.1 (#4601)
e25a82461 Bump lukka/get-cmake from 3.31.2 to 3.31.4 (#4600)
26cfec34b Clean up and document project files (#4560)
ad2ee1853 Fix coverage job (#4595)
2d42229f4 Support BSON uint64 de/serialization (#4590)
1809b3d80 Add note to Jetbrains support (#4592)
48e7b4c23 BJData Fixes (#4588)
0cb1241d5 Improve Bazel support: Switch to Bzlmod (#4584)
2e50d5b2f BJData optimized binary array type (#4513)

git-subtree-dir: external/json
git-subtree-split: 55f93686c01528224f448c19128836e7df245f72
2025-06-26 22:22:03 +02:00

82 lines
3.1 KiB
YAML
Raw Blame History

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '20 7 * * 2'
push:
branches: ["develop"]
permissions:
contents: read
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
contents: read
actions: read
# To allow GraphQL ListCommits to work
issues: read
pull-requests: read
# To detect SAST tools
checks: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
with:
egress-policy: audit
- name: "Checkout code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecards on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
with:
sarif_file: results.sarif
Reference in New Issue View Git Blame Copy Permalink