🔐 add OSSF scorecard

keep-starknet-strange · Dec 13, 2023 · 3171527 · 3171527
1 parent 84c7181
commit 3171527
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 1 deletion.
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -0,0 +1,54 @@
+name: Scorecard analysis workflow
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  push:
+    branches: [main]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed if using Code scanning alerts
+      security-events: write
+      # Needed for GitHub OIDC token if publish_results is true
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 30
+
+      # required for Code scanning alerts
+      - name: "Upload SARIF results to code scanning"
+        uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+        with:
+          sarif_file: results.sarif
diff --git a/README.md b/README.md
@@ -14,6 +14,11 @@
   <a href="https://unruggable.meme">https://unruggable.meme</a>
 </p>
 
+<a href="https://github.com/keep-starknet-strange/unruggable.meme/actions/workflows/contracts_test.yml"><img alt="GitHub Workflow Status (with event)" src="https://img.shields.io/github/actions/workflow/status/keep-starknet-strange/unruggable.meme/contracts_test.yml?style=for-the-badge" height=30></a>
+<a href="https://securityscorecards.dev/viewer/?uri=github.com/keep-starknet-strange/unruggable.meme"><img alt="OpenSSF Scorecard Report" src="https://img.shields.io/ossf-scorecard/github.com/keep-starknet-strange/unruggable.meme?label=openssf%20scorecard&style=for-the-badge" height=30></a>
+<a href="https://github.com/keep-starknet-strange/unruggable.meme/blob/main/LICENSE"><img src="https://img.shields.io/github/license/keep-starknet-strange/unruggable.meme.svg?style=for-the-badge" alt="Project license" height="30"></a>
+<a href="https://twitter.com/UnrugMemec0in"><img src="https://img.shields.io/twitter/follow/UnrugMemec0in?style=for-the-badge&logo=twitter" alt="Follow Unruggable Meme on Twitter" height="30"></a>
+
 Tired of getting *rugpulled*? Introducing Unruggable Meme, a project designed with security and transparency at its core. Our innovative contracts and safeguards ensure a fair and secure experience for all users.
 
 Become a meme lord and launch your own safe memecoin with [Unruggable Meme](https://unruggable.meme)!
@@ -61,7 +66,6 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://ceccon.me/"><img src="https://avatars.githubusercontent.com/u/282580?v=4?s=100" width="100px;" alt="Francesco Ceccon"/><br /><sub><b>Francesco Ceccon</b></sub></a><br /><a href="https://github.com/keep-starknet-strange/unruggable-memecoin/commits?author=fracek" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/enitrat"><img src="https://avatars.githubusercontent.com/u/60658558?v=4?s=100" width="100px;" alt="Mathieu"/><br /><sub><b>Mathieu</b></sub></a><br /><a href="https://github.com/keep-starknet-strange/unruggable-memecoin/commits?author=enitrat" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/Megumiiiiii"><img src="https://avatars.githubusercontent.com/u/98658943?v=4?s=100" width="100px;" alt="megumii"/><br /><sub><b>megumii</b></sub></a><br /><a href="https://github.com/keep-starknet-strange/unruggable-memecoin/commits?author=Megumiiiiii" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Pjewels"><img src="https://avatars.githubusercontent.com/u/149668320?v=4?s=100" width="100px;" alt="Pjewels"/><br /><sub><b>Pjewels</b></sub></a><br /><a href="https://github.com/keep-starknet-strange/unruggable-memecoin/commits?author=Pjewels" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>