python-tuf/.github/workflows
Jussi Kukkonen f29d8471c8 workflows: Add Scorecards workflow
This is a modified version of the workflow from the project itself:
* Not using personal access tokens because I believe they are a
  security issue (this means Branch-Protection check will be incorrect)
* Not uploading results to actions cache: Maybe there's a point but I
  don't see it as the SARIF files are not very human readable

This should give us some code scanning alerts in the security tab on Github.
This is not really what I'm interested in though so I've enabled the upload
to https://api.securityscorecards.dev/. The results json on there is not
exactly readable but it is good enough to check what the current results
are -- and deps.dev should use those results after some delay I believe.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-22 18:15:56 +02:00
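For reference, here is what a Scorecards workflow shaped by the choices listed in the commit message looks like. This is an added example, not the scorecards.yml from the python-tuf repository: it assumes the default branch is named `develop`, picks an arbitrary weekly schedule, and uses version tags as placeholders for the action references (Scorecard's own Pinned-Dependencies check expects every `uses:` to be pinned to a full commit SHA).

```yaml
# Added example, not the file from the python-tuf repository: a Scorecards
# workflow shaped by the choices the commit message describes. Assumptions:
# the default branch is called `develop`, the schedule time is arbitrary, and
# the action references use version tags as placeholders; Scorecard's own
# Pinned-Dependencies check expects each `uses:` pinned to a full commit SHA.
name: Scorecards supply-chain security

on:
  # Branch-Protection and Maintained checks need a run on the default branch,
  # and publishing to api.securityscorecards.dev only happens from that branch.
  push:
    branches: [develop]   # assumed default branch name
  schedule:
    - cron: '30 1 * * 6'  # weekly, arbitrary time

# Deny everything at the top level; grant only what the job needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecards analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # upload the SARIF to the Security tab
      id-token: write         # OIDC token proves the run's identity to the API
      actions: read
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3  # placeholder tag; pin to a commit SHA
        with:
          persist-credentials: false  # do not leave the token in .git/config

      - name: Run analysis
        uses: ossf/scorecard-action@v2  # placeholder tag; pin to a commit SHA
        with:
          results_file: results.sarif
          results_format: sarif
          # The default, job-scoped GITHUB_TOKEN instead of a personal access
          # token: no long-lived secret to leak, but Branch-Protection cannot
          # read admin-only settings and will be scored incomplete.
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          # Publish to api.securityscorecards.dev; this is what deps.dev and
          # the scorecard badge consume, after some delay.
          publish_results: true

      # Deliberately no actions/upload-artifact step: the SARIF is not kept as
      # a build artifact, only sent to code scanning below.
      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@v2  # placeholder tag; pin to SHA
        with:
          sarif_file: results.sarif
```

Once a run from the default branch has completed, the published result can be fetched from `https://api.securityscorecards.dev/projects/github.com/<owner>/<repo>` (owner and repo are placeholders). Expect the Branch-Protection check to show as incomplete with `GITHUB_TOKEN`, exactly as the commit message says; the other checks are unaffected by the token choice.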
File                                  Last commit                                                                       Date
_test.yml                             Merge pull request #2159 from jku/permissions-tweaks                              2022-11-15 14:34:48 +02:00
cd.yml                                Github workflows: Only upload to pypi in upstream repo                            2022-10-31 12:14:23 +02:00
ci.yml                                workflows: Set top-level permissions                                              2022-10-30 12:56:22 +02:00
codeql-analysis.yml                   build(deps): bump github/codeql-action from 2.1.32 to 2.1.33                      2022-11-17 10:11:41 +00:00
dependency-review.yml                 build(deps): bump actions/dependency-review-action from 3.0.0 to 3.0.1            2022-11-17 10:11:44 +00:00
maintainer-permissions-reminder.yml   build(deps): bump actions/github-script from 6.3.2 to 6.3.3                       2022-10-14 10:16:54 +00:00
scorecards.yml                        workflows: Add Scorecards workflow                                                2022-11-22 18:15:56 +02:00
specification-version-check.yml       workflows: Set top-level permissions                                              2022-10-30 12:56:22 +02:00