mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 22:00:31 +00:00
fix: revert scorecard-action to tag (Docker action incompatible with SHA pin)
This commit is contained in:
4
.github/workflows/scorecard.yml
vendored
4
.github/workflows/scorecard.yml
vendored
@@ -21,8 +21,10 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
|
# Note: scorecard-action is a Docker-based action that resolves by tag only,
|
||||||
|
# SHA pinning causes resolution failures. Using tag per ossf recommendation.
|
||||||
- name: Run OpenSSF Scorecard
|
- name: Run OpenSSF Scorecard
|
||||||
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
|
uses: ossf/scorecard-action@v2.4.3
|
||||||
with:
|
with:
|
||||||
results_file: results.sarif
|
results_file: results.sarif
|
||||||
results_format: sarif
|
results_format: sarif
|
||||||
|
|||||||
Reference in New Issue
Block a user