diff options
author | Darius Jahandarie <djahandarie@gmail.com> | 2023-08-20 11:21:42 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-20 11:21:42 +0900 |
commit | dea8898c9dbfefde038c1648580efd25f974126f (patch) | |
tree | ec87c13347f7d6a55add48d9e8520b80e2e3c9fe /.github/workflows | |
parent | 51f0f0c4d1828a4cf715269feeae879fe610f204 (diff) |
Use a fine-grained PAT in scorecard.yml
For additional checks in the scorecard, such as branch protection checks.
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/scorecard.yml | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 21927f18..cb9db177 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -16,6 +16,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis + environment: scorecard runs-on: ubuntu-latest permissions: # Needed to upload the results to code-scanning dashboard. @@ -41,7 +42,7 @@ jobs: # - you want to enable the Branch-Protection check on a *public* repository, or # - you are installing Scorecard on a *private* repository # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} + repo_token: ${{ secrets.SCORECARD_TOKEN }} # Public repositories: # - Publish results to OpenSSF REST API for easy access by consumers |