update scorecard-action to 2.3.3 via SHA

set the scorecard analysis job w/ continue-on-error so it cant mark a build as failed by itself
jshttp · Jul 12, 2024 · 75fb85a · 75fb85a
1 parent 03458dc
commit 75fb85a
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -21,6 +21,7 @@ jobs:
   analysis:
     name: Scorecard analysis
     runs-on: ubuntu-latest
+    continue-on-error: true  # This ensures the job won't fail the commit status
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
@@ -37,7 +38,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -69,4 +70,4 @@ jobs:
       - name: "Upload to code-scanning"
         uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif