Skip to content

chore(deps): update sigstore package dependencies (#20) #33

chore(deps): update sigstore package dependencies (#20)

chore(deps): update sigstore package dependencies (#20) #33

Workflow file for this run

# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '30 1 * * 6'
push:
branches: ["main"]
# Declare default permissions as read only.
permissions: read-all
jobs:
validate:
permissions:
actions: read
attestations: read
checks: read
contents: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write
uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
secrets: inherit