forked from mirrors/jj
github: make Scorecard security scanner not use access token
Google's security team asked us to remove this use of a PAT. It's apparently supposed to work without it, it's just that it won't be able to check that we have bronch protection set up.
This commit is contained in:
Martin von Zweigbergk
Martin von Zweigbergk
parent
a569ac07f6
commit
79d6779995
1 changed files with 0 additions and 3 deletions
3
.github/workflows/scorecards.yml
vendored
3
.github/workflows/scorecards.yml
vendored
|
|
@ -30,9 +30,6 @@ jobs:
|
|||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
# Read-only PAT token. To create it,
|
||||
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
|
||||
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
||||
# Publish the results to enable scorecard badges. For more details, see
|
||||
# https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories, `publish_results` will automatically be set to `false`,
|
||||
|
|
|
|||
Loading…
Reference in a new issue