From 18617f73575fa711f3e4953a9ffb4de89905bfa5 Mon Sep 17 00:00:00 2001
From: LearningCircuit <185559241+LearningCircuit@users.noreply.github.com>
Date: Sun, 16 Nov 2025 13:20:22 +0100
Subject: [PATCH] Disable OSSF Scorecard result publishing
Set publish_results to false and remove custom summary step to avoid workflow verification errors.
---
 .github/workflows/ossf-scorecard.yml | 37 +---------------------------
 1 file changed, 1 insertion(+), 36 deletions(-)
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index c015f9c46..92beb23a2 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -41,7 +41,7 @@ jobs:
 results_file: results.sarif
 results_format: sarif
 # Publish results to enable scorecard badges
- publish_results: true
+ publish_results: false
 - name: Upload OSSF Scorecard results to GitHub Security
 uses: github/codeql-action/upload-sarif@v4.31.2
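Review bot: The comment kept directly above the changed line, `# Publish results to enable scorecard badges`, now contradicts `publish_results: false` and will mislead the next person who touches this step; replace it with something like `# Publishing disabled: Scorecard's workflow verification rejected this job, so results are kept only in the SARIF artifact and the Security tab (no public badge)`. The Scorecard action needs `id-token: write` only to publish, so if the job's permissions block (outside this hunk) grants it, that permission can now be dropped to keep the job at least-privilege. Disabling publishing also stops the securityscorecards.dev entry for the repository from refreshing, so any README badge will show stale data until publishing is re-enabled; a TODO naming the exact verification error that forced this change would make that re-enabling easier. The `with:` block and the enclosing step start outside the hunk.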
@@ -55,38 +55,3 @@ jobs:
 name: ossf-scorecard-results
 path: results.sarif
 retention-days: 90
-
- - name: Display OSSF Scorecard summary
- if: always()
- run: |
- {
- echo "## OSSF Scorecard Security Analysis"
- echo ""
- echo "✅ OSSF Scorecard analysis completed"
- echo ""
- echo "### What is OSSF Scorecard?"
- echo "OSSF Scorecard checks your repository for security best practices including:"
- echo "- **Branch Protection**: Ensures main branch has protection rules"
- echo "- **Code Review**: Checks that code changes are reviewed"
- echo "- **Signed Releases**: Verifies releases are cryptographically signed"
- echo "- **SAST Tools**: Confirms static analysis tools are enabled"
- echo "- **Dependency Updates**: Checks for automated dependency updates"
- echo "- **Vulnerability Alerts**: Verifies security alerts are enabled"
- echo "- **License**: Ensures repository has a license"
- echo "- **CI Tests**: Checks for automated testing"
- echo "- **Security Policy**: Verifies SECURITY.md exists"
- echo "- **Dangerous Workflows**: Detects potentially dangerous GitHub Actions"
- echo ""
- echo "📊 **Results:**"
- echo "- Detailed results uploaded to GitHub Security tab"
- echo "- SARIF file available in artifacts"
- echo ""
- echo "🔗 **Links:**"
- echo "- [Security Tab](https://github.com/${{ github.repository }}/security/code-scanning)"
- echo "- [OSSF Scorecard Badge](https://securityscorecards.dev/viewer/?uri=github.com/${{ github.repository }})"
- echo ""
- echo "💡 **Add Badge to README:**"
- echo '```markdown'
- echo "[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/${{ github.repository }}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/${{ github.repository }})"
- echo '```'
- } >> "$GITHUB_STEP_SUMMARY"