From 38681981ee161f9d837d67913a01c854d15343c3 Mon Sep 17 00:00:00 2001 From: Blake Burkhart Date: Thu, 4 Apr 2024 15:25:32 -0500 Subject: [PATCH] Use default GITHUB_TOKEN for ossf/scorecard-action Zarf's branch protection was switched to rulesets instead of classic branch protection (temporarily in evaluate mode). A PAT is no longer needed. See: https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional --- .github/workflows/scorecard.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 1dcc7704ac..f98ea7bdd1 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -31,7 +31,6 @@ jobs: with: results_file: results.sarif results_format: sarif - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF