Google Git
Sign in
flutter / mirrors / plugins / refs/heads/godofredoc-patch-1^! / .
commit70d4a0aee7d4b687fb8d23a8f4b29d36fb9b8bf1[log] [tgz]
authorgodofredoc <godofredoc@google.com>Mon Sep 12 20:20:16 2022 -0700
committerGitHub <noreply@github.com>Mon Sep 12 20:20:16 2022 -0700
tree89166659790345e75b70886c6217e6268aa65b8f
parent35084f139c15c89cc45e9cb0199d2b212090f0fa [diff]
Manual update of scorecards to 2.0.3

A manual update is required to allow getting an oidc token to sign the results.
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 5f51be1..3bcfdad 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml

@@ -17,6 +17,8 @@
       security-events: write
       actions: read
       contents: read
+      # Needed to access OIDC token.
+      id-token: write
 
     steps:
       - name: "Checkout code"
@@ -25,7 +27,7 @@
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564
+        uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972
         with:
           results_file: results.sarif
           results_format: sarif