Skip to content

Commit

Permalink
Enable Scorecard badge
Browse files Browse the repository at this point in the history
Signed-off-by: Azeem Shaikh <[email protected]>
  • Loading branch information
azeemsgoogle committed Jul 27, 2022
1 parent 531b93b commit 3e5c969
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/scorecard_action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,15 @@ jobs:
security-events: write
actions: read
contents: read

id-token: write
steps:
- name: "Checkout code"
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564
uses: ossf/scorecard-action@3155d134e59d8f47261b1ae9d143034c69572227 # v2.0.0-beta.1
with:
results_file: results.sarif
results_format: sarif
Expand Down
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ Container Signing, Verification and Storage in an OCI registry.
[![Go Report Card](https://goreportcard.com/badge/github.com/sigstore/cosign)](https://goreportcard.com/report/github.com/sigstore/cosign)
[![e2e-tests](https://github.com/sigstore/cosign/actions/workflows/e2e_tests.yml/badge.svg)](https://github.com/sigstore/cosign/actions/workflows/e2e_tests.yml)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5715/badge)](https://bestpractices.coreinfrastructure.org/projects/5715)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/sigstore/cosign/badge)](https://api.securityscorecards.dev/projects/github.com/sigstore/cosign)

Cosign aims to make signatures **invisible infrastructure**.

Expand Down

0 comments on commit 3e5c969

Please sign in to comment.