Skip to content
Scorecards supply-chain security

Merge pull request #55 from defenseunicorns/renovate/jira-support-dep… #58

Sign in to view logs

Merge pull request #55 from defenseunicorns/renovate/jira-support-dep…

Merge pull request #55 from defenseunicorns/renovate/jira-support-dep… #58

Workflow file for this run

.github/workflows/scorecard.yaml at db8d870
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '30 1 * * 6'
push:
branches: ["main"]
# Declare default permissions as read only.
permissions: read-all
jobs:
validate:

Check failure on line 17 in .github/workflows/scorecard.yaml

View workflow run for this annotation

GitHub Actions / Scorecards supply-chain security

Invalid workflow file 

The workflow is not valid. .github/workflows/scorecard.yaml (Line: 17, Col: 3): Error calling workflow 'defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@c52077c870a576d01f169f96d74d1b393c6488ba'. The workflow is requesting 'actions: read, attestations: read, checks: read, contents: read, deployments: read, discussions: read, issues: read, packages: read, pages: read, pull-requests: read, repository-projects: read, statuses: read', but is only allowed 'actions: none, attestations: none, checks: none, co[...]
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write
uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
secrets: inherit