taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 12:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: improve OpenSSF Scorecard rating (#45)

Browse Source 
- Add CodeQL workflow for SAST analysis (Actions language)
- Pin scorecard-action and codeql-action by SHA in scorecard.yml
- Add cargo-audit SARIF upload for security tab integration
This commit is contained in:
DevITWay | Pavel Volkov
2026-03-19 11:51:11 +03:00
committed by GitHub
parent c1f6430aa9
commit 78dd91795d
3 changed files with 63 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/scorecard.yml vendored
View File

@@ -22,14 +22,14 @@ jobs:
persist-credentials: false
- name: Run OpenSSF Scorecard
uses: ossf/scorecard-action@v2.4.3
uses: ossf/scorecard-action@05b42c624433fc40b3b3b5bcb8147855602c7c35 # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true
- name: Upload Scorecard results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@a60c4df7a135c7317c1e9ddf9b5a9b07a910dda9 # v4
with:
sarif_file: results.sarif
category: scorecard