ci: fix Scorecard action pin to v2.4.2 (#98) #75

	name: OpenSSF Scorecard
	on:
	push:
	branches: ["main"]
	schedule:
	- cron: "0 6 * * 1"
	workflow_dispatch:

	permissions:
	contents: read

	concurrency:
	group: scorecard-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	analysis:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	id-token: write
	steps:
	- uses: actions/checkout@v5
	with:
	persist-credentials: false

	- name: Run Scorecard (private publish)
	uses: ossf/[email protected]
	with:
	results_file: results.sarif
	results_format: sarif
	publish_results: false

	- name: Upload SARIF to code scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: results.sarif

Provide feedback