From 43ab0c84f7aa155636447cccb29fd9679ba61421 Mon Sep 17 00:00:00 2001
From: cisco-service <111539563+cisco-service@users.noreply.github.com>
Date: Fri, 28 Jun 2024 17:13:58 -0400
Subject: [PATCH 1/3] .github: Add Scorecard workflow
---
 .github/workflows/scorecard.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/scorecard.yml
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000..532cc5c
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,29 @@
+name: scorecard
+
+on:
+ push:
+ branches:
+ # Run on pushes to default branch
+ - main
+ schedule:
+ # Run weekly on Saturdays
+ - cron: "30 1 * * 6"
+ # Run when branch protection rules change
+ branch_protection_rule:
+ # Run the workflow manually
+ workflow_dispatch:
+
+# Declare default permissions as read-only
+permissions: read-all
+
+jobs:
+ run-scorecard:
+ # Call reusable workflow file
+ uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
+ permissions:
+ id-token: write
+ security-events: write
+ secrets: inherit
+ with:
+ # Publish results of Scorecard analysis
+ publish-results: true
From a9cd611a1b6f7dcbd3995d9791d46f8c227c6bfd Mon Sep 17 00:00:00 2001
From: cisco-service <111539563+cisco-service@users.noreply.github.com>
Date: Fri, 28 Jun 2024 17:35:12 -0400
Subject: [PATCH 2/3] Fix false positive on CI check
---
 .github/workflows/scorecard.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 532cc5c..da0627d 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -22,6 +22,7 @@ jobs:
 uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
 permissions:
 id-token: write
+ # pragma: allowlist secret
 security-events: write
 secrets: inherit
 with:
From 46a2c4ddd771ef7bef7cddf1316f2e0317f7869e Mon Sep 17 00:00:00 2001
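Review bot: The reusable workflow at `uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main` is called by a mutable branch name while being handed `id-token: write`, `security-events: write` and `secrets: inherit`, so whatever lands on that branch runs with those privileges in this repository; Scorecard's own Pinned-Dependencies check flags this pattern. Pin the call to a full-length commit SHA and keep the readable ref in a trailing comment, e.g. `uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@<pinned-commit-sha>  # main`, and let the usual dependency-update tooling refresh it. Separately, `secrets: inherit` forwards every repository secret to the callee; if the called workflow only needs the default token (presumably so for a Scorecard run, but confirm against `_scorecard.yml`), pass only the secrets it needs. A one-line comment above `uses:` stating that the SHA pin is deliberate would keep a later maintainer from switching it back to `@main`.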
From: cisco-service <111539563+cisco-service@users.noreply.github.com>
Date: Fri, 28 Jun 2024 17:40:58 -0400
Subject: [PATCH 3/3] Revert static code analysis comment
---
 .github/workflows/scorecard.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index da0627d..532cc5c 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -22,7 +22,6 @@ jobs:
 uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
 permissions:
 id-token: write
- # pragma: allowlist secret
 security-events: write
 secrets: inherit
 with: