Add REUSE and OpenSSF Best Practices badges to README (#439) #308

Workflow file for this run

.github/workflows/security.yml at ae24a6a

	name: Security

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	schedule:
	- cron: "22 17 * * 5"
	branch_protection_rule:

	permissions:
	contents: read

	jobs:
	dev-skim:
	name: DevSkim
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
	with:
	egress-policy: audit
	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	persist-credentials: false

	- name: Run DevSkim scanner
	uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16
	with:
	exclude-rules: DS176209 # https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md

	- name: Upload DevSkim scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
	with:
	sarif_file: devskim-results.sarif
	cargo-deny:
	name: Cargo Deny
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
	with:
	egress-policy: audit
	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	persist-credentials: false
	- name: Cargo Deny
	uses: EmbarkStudios/cargo-deny-action@f2ba7abc2abebaf185c833c3961145a3c275caad # v2.0.13
	with:
	command-arguments: -D warnings
	osv-scheduled:
	name: OSV Scanner (scheduled)
	if: ${{ github.event_name == 'push' \|\| github.event_name == 'schedule' }}
	permissions:
	actions: read
	contents: read
	security-events: write
	uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730" # v1.7.1
	osv-pr:
	name: OSV Scanner (PR)
	permissions:
	actions: read
	contents: read
	security-events: write
	if: ${{ github.event_name == 'pull_request' \|\| github.event_name == 'merge_group' }}
	uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730" # v1.7.1
	scorecard:
	name: OSSF Scorecard
	runs-on: ubuntu-latest
	if: github.event.repository.default_branch == github.ref_name \|\| github.event_name == 'pull_request'
	permissions:
	security-events: write
	id-token: write
	contents: read
	actions: read
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
	with:
	egress-policy: audit
	- name: "Checkout code"
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	persist-credentials: false
	- name: "Run analysis"
	uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
	with:
	results_file: results.sarif
	results_format: sarif
	publish_results: true
	- name: "Upload to code-scanning"
	uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
	with:
	sarif_file: results.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add REUSE and OpenSSF Best Practices badges to README (#439) #308

Workflow file

Add REUSE and OpenSSF Best Practices badges to README (#439) #308

Uh oh!

Jobs

Run details

Workflow file for this run

Search code, repositories, users, issues, pull requests...

Add REUSE and OpenSSF Best Practices badges to README (#439) #308

Workflow file

Workflow file for this run