From 734bbef9fd2369692e64bd51ebc9da5541888d76 Mon Sep 17 00:00:00 2001
From: iWas-Coder <wasymatieh01@gmail.com>
Date: Fri, 4 Oct 2024 11:23:44 +0200
Subject: [PATCH] Added OSSF security analysis workflow (scorecard)

---
 .github/workflows/security-analysis.yaml | 32 ++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/workflows/security-analysis.yaml

diff --git a/.github/workflows/security-analysis.yaml b/.github/workflows/security-analysis.yaml
new file mode 100644
index 0000000..7e300f5
--- /dev/null
+++ b/.github/workflows/security-analysis.yaml
@@ -0,0 +1,32 @@
+name: security-analysis
+
+on:
+  push:
+    branches: [master]
+    paths: ['.github/workflows/security-analysis.yaml']
+  schedule:
+    - cron: '0 9 * * 1'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  security-analysis:
+    permissions:
+      id-token: write
+      security-events: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout-repo
+        uses: actions/checkout@v4
+      - name: run-checks
+        uses: ossf/scorecard-action@v2.4.0
+        with:
+          results_format: sarif
+          results_file: results.sarif
+          publish_results: true
+      - name: upload-results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif