diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
new file mode 100644
index 0000000..931d0b9
--- /dev/null
+++ b/.github/workflows/ossf-scorecard.yml
@@ -0,0 +1,45 @@
+name: OSSF Scorecard Analysis
+
+# **What it does**: Runs OSSF Scorecard analysis on the repository and uploads the results.
+# **Why we have it**: Security scanning.
+
+on:
+ branch_protection_rule:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - "docs/**"
+ - "*.md"
+ schedule:
+ # ┌───────────── minute (0 - 59)
+ # │ ┌───────────── hour (0 - 23)
+ # │ │ ┌───────────── day of the month (1 - 31)
+ # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+ # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+ # │ │ │ │ │
+ # │ │ │ │ │
+ # │ │ │ │ │
+ # * * * * *
+ - cron: "21 17 * * 0"
+ # Allows this workflow to be run manually from the Actions tab
+ workflow_dispatch:
+
+# This allows a subsequently queued workflow run to interrupt previous runs
+concurrency:
+ group: "${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ analysis:
+ name: OSSF Scorecard Analysis
+ permissions:
+ contents: read
+ id-token: write
+ security-events: write
+ uses: fdawgs/workflows/.github/workflows/reusable-ossf-scorecard.yml@15c09545397588f9a2ac47db6c6269520ebc983a # v2.2.0
+ with:
+ publish_results: true
diff --git a/README.md b/README.md
index c24c4bf..3b5eaf4 100644
--- a/README.md
+++ b/README.md
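Review bot: The `concurrency.group` expression in the new workflow references `github.event.pull_request.head.label`, but the workflow declares no `pull_request` trigger, so that term is always empty and the group reduces to `github.head_ref || github.ref`; writing it as `group: "${{ github.workflow }}-${{ github.ref }}"` states what actually happens. Because both the `push` and the `schedule` trigger resolve to `refs/heads/main`, `cancel-in-progress: true` also lets a scheduled run cancel an in-progress push-triggered scan (and vice versa), which is probably acceptable for a scorecard job but deserves a one-line comment next to `cancel-in-progress`. Separately, the `"*.md"` entry under `paths-ignore` matches only root-level Markdown files; if nested Markdown should also be skipped, `"**/*.md"` is the pattern. Pinning the reusable workflow to a full commit SHA with the `# v2.2.0` tag comment is the right call and keeps the job-level `id-token: write` / `security-events: write` grants scoped to a known revision; keep the comment in sync when the pin is bumped.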
@@ -5,6 +5,7 @@ [![CI](https://github.com/Fdawgs/node-poppler/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/Fdawgs/node-poppler/actions/workflows/ci.yml) [![Coverage status](https://coveralls.io/repos/github/Fdawgs/node-poppler/badge.svg?branch=main)](https://coveralls.io/github/Fdawgs/node-poppler?branch=main) [![code style: Prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat)](https://github.com/prettier/prettier) +[![OSSF Scorecard](https://api.scorecard.dev/projects/github.com/Fdawgs/node-poppler/badge)](https://scorecard.dev/viewer/?uri=github.com/Fdawgs/node-poppler) > Asynchronous Node.js wrapper for the Poppler PDF rendering utilities