Skip to content

chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 #1198

chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0

chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 #1198

# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
# Run CodeQL over the package. For more configuration options see codeql/codeql-config.yaml
# and: https://github.com/github/codeql-action
name: CodeQL
on:
push:
branches:
- main
- staging
pull_request:
branches:
- main
- staging
schedule:
- cron: 20 15 * * 3
permissions:
contents: read
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
# We enable JavaScript language to analyze JavaScript expressions in GitHub Actions.
language: [python, go, javascript]
steps:
- name: Checkout repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Set up Python
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: '3.11'
# For more details see the comment in _build.yaml.
- name: Create empty virtual environment for Actions
run: mkdir .venv
- name: Install dependencies
run: make setup
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
with:
languages: ${{ matrix.language }}
config-file: .github/codeql/codeql-config.yaml
# Override the default behavior so that the action doesn't attempt
# to auto-install Python dependencies
setup-python-dependencies: false
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4