[llvm] Add Scorecard Action (PR #69933)

Diogo Teles Sant'Anna via llvm-commits llvm-commits at lists.llvm.org
Tue Nov 7 06:02:08 PST 2023


================
@@ -0,0 +1,63 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+# Check current LLVM-Project results here: https://securityscorecards.dev/viewer/?uri=github.com/llvm/llvm-project
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '38 20 * * 4'
+  push:
+    branches: [ "main" ]
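Review bot: the `push` trigger on `branches: [ "main" ]` at the end of this hunk starts a Scorecard run on every push to main, in addition to the weekly `schedule` entry and the `branch_protection_rule` trigger. If API limits are the concern, drop the `push` block and rely on the other two triggers; the results would then lag main by at most the cron interval. It would also help to add a comment next to `cron: '38 20 * * 4'` stating that it means 20:38 UTC every Thursday, since GitHub evaluates schedule expressions in UTC and the five-field form is easy to misread.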
----------------
diogoteles08 wrote:

Hi! Sorry for the late reply.
Totally understand the problems with API limits, we're facing them as well haha
The downside would be mostly not having Scorecard always up to date with the code on main, but that shouldn't be a huge problem considering we've already scheduled a cronjob to run it periodically. As it is now, we're running it "At 20:38 on every Thursday", which should already be fine. If you think it wouldn't hurt your API limits, we could change it to run it daily, on a period that the API is least used, and it would be even smoother.

https://github.com/llvm/llvm-project/pull/69933

