A specific version of the ossf/scorecard-action is approved by Apache Infra.
Do not merge ossf/scorecard-action PRs; this will cause the next run of ossf/scorecard-action to fail (see the logs).

When it is eventually time to merge (in the future), please edit the PR to fix the comment, for example:

- name: "Run analysis" - uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # 1.1.2 + uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # 1.1.2 with: results_file: results.sarif results_format: sarif

The above is misleading since the pinned commit no longer matches the version, so edit the version comment.

TY!
Gary
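Review bot: on the `+ uses:` line the trailing comment still reads `# 1.1.2` although the pinned commit differs from the one on the `- uses:` line, so the comment no longer identifies the release the SHA points at. Update the comment to the release that corresponds to the new commit, and confirm that commit is the version approved by Apache Infra before merging, since a run pinned to an unapproved commit is expected to fail.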