Bump scorecard analysis to a newer version.

This should allow us to generate a badge to see score without needing to also run from command line. PiperOrigin-RevId: 464870120
2025-12-06 12:20:11 +01:00 · 2022-08-02 13:18:08 -07:00 · 2022-08-02 13:18:08 -07:00 · 040407b22b
commit 040407b22b
parent c3eb6351bd
1 changed files with 2 additions and 1 deletions
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@ -33,6 +33,7 @@ jobs:
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
+      id-token: write
      actions: read
      contents: read

@ -43,7 +44,7 @@ jobs:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a # v1.0.0
+        uses: ossf/scorecard-action@3155d134e59d8f47261b1ae9d143034c69572227 # v2.0.0-beta.1
        with:
          results_file: results.sarif
          results_format: sarif