9.1.3 #366

	name: 'Scorecard security analysis'

	on:
	push:
	branches: ['master']
	schedule:
	- cron: '25 10 * * 3'
	workflow_dispatch:

	permissions: {}

	jobs:

	analyze:
	name: 'Scorecard security analysis'
	runs-on: 'ubuntu-latest'
	permissions:
	actions: 'read'
	contents: 'read'
	security-events: 'write'
	steps:
	- name: 'Checkout'
	uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
	- name: 'Perform security analysis'
	uses: 'ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031'
	with:
	results_file: './results.sarif'
	results_format: 'sarif'
	repo_token: '${{ secrets.GITHUB_TOKEN }}'
	publish_results: false
	- name: 'Upload SARIF file'
	uses: 'github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a'
	with:
	sarif_file: './results.sarif'

Provide feedback