From 97576345b16751a3f4f54afa5aaa581cff323c89 Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Wed, 28 Dec 2022 23:49:57 +0200 Subject: [PATCH] Remove scorecards (#37751) --- .github/workflows/scorecards.yml | 65 -------------------------------- README.md | 1 - 2 files changed, 66 deletions(-) delete mode 100644 .github/workflows/scorecards.yml diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index 0f40cf228c..0000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null @@ -1,65 +0,0 @@ -name: Scorecards supply-chain security - -on: - # Only the default branch is supported. - branch_protection_rule: - push: - branches: - - main - schedule: - - cron: "16 10 * * 6" - workflow_dispatch: - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Used to receive a badge. - id-token: write - # Needs for private repositories. - contents: read - actions: read - - steps: - - name: Clone repository - uses: actions/checkout@v3 - with: - persist-credentials: false - - - name: Run analysis - uses: ossf/scorecard-action@v2.1.2 - with: - results_file: results.sarif - results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: results.sarif diff --git a/README.md b/README.md index 9f9374ced7..ba6f75c22a 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,6 @@ Read the [Getting started page](https://getbootstrap.com/docs/5.3/getting-starte [![BrowserStack Status](https://www.browserstack.com/automate/badge.svg?badge_key=SkxZcStBeExEdVJqQ2hWYnlWckpkNmNEY213SFp6WHFETWk2bGFuY3pCbz0tLXhqbHJsVlZhQnRBdEpod3NLSDMzaHc9PQ==--3d0b75245708616eb93113221beece33e680b229)](https://www.browserstack.com/automate/public-build/SkxZcStBeExEdVJqQ2hWYnlWckpkNmNEY213SFp6WHFETWk2bGFuY3pCbz0tLXhqbHJsVlZhQnRBdEpod3NLSDMzaHc9PQ==--3d0b75245708616eb93113221beece33e680b229) [![Backers on Open Collective](https://img.shields.io/opencollective/backers/bootstrap?logo=opencollective&logoColor=fff)](#backers) [![Sponsors on Open Collective](https://img.shields.io/opencollective/sponsors/bootstrap?logo=opencollective&logoColor=fff)](#sponsors) -![OpenSSF Scorecard](https://img.shields.io/ossf-scorecard/github.com/twbs/bootstrap) ## What's included