OpenSourceFellows / amplify

Open Source Fellow Sandbox
https://amplify-app-production.herokuapp.com/
MIT License

Update scorecards-analysis workflow to utilize `GITHUB_TOKEN` instead of PAT #910

Open JamesMGreene opened 6 months ago

JamesMGreene commented 6 months ago

The currently recommended approach for using the ossf/scorecard-action is to use the Actions GITHUB_TOKEN instead of a custom Personal Access Token:

https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional

This can also be seen in the related example workflow that OSSF provides:

https://github.com/ossf/scorecard/blob/62aca9907cbc960f45bc698bdf8c98c6bb76c2c0/.github/workflows/scorecard-analysis.yml

:warning: Furthermore: the read-only PAT that is currently being used by this workflow is owned by me. Since I am no longer a collaborator, I will be unable to update the repository secret that contains this PAT after it expires. As such, please try to verify and merge this PR within the next week to avoid potential workflow failures!
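For readers who want to see what the change described in this PR looks like in practice, here is an added illustration of a scorecard-analysis workflow authenticated with the job's `GITHUB_TOKEN`. This is not the PR's diff or the amplify repository's actual workflow file; it is written from the ossf/scorecard-action README guidance the PR links to. Action version tags and the name of the old PAT secret are placeholders.

```yaml
# Added illustration (not the amplify repo's workflow): a scorecard-analysis
# workflow that authenticates with the Actions GITHUB_TOKEN rather than a
# contributor-owned PAT. Action versions are placeholders; pin to a specific
# tag or commit SHA in a real repository.
name: Scorecard analysis

on:
  branch_protection_rule:
  push:
    branches: [ main ]
  schedule:
    - cron: '30 1 * * 6'   # weekly; constructed example schedule

# Default every job to read-only; grant write scopes only where required.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Required to upload SARIF results to code scanning.
      security-events: write
      # Required by scorecard-action to sign and publish results.
      id-token: write
      contents: read
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4   # placeholder version
        with:
          persist-credentials: false

      - name: Run analysis
        uses: ossf/scorecard-action@v2   # placeholder version
        with:
          results_file: results.sarif
          results_format: sarif
          # Before (weak): repo_token: ${{ secrets.SCORECARD_PAT }}
          #   SCORECARD_PAT is a hypothetical name for a secret holding a PAT
          #   owned by one person. It expires, and once that person is no
          #   longer a collaborator nobody can rotate it, so the workflow
          #   silently fails at expiry.
          # After: the short-lived token GitHub mints for this job run,
          #   scoped by the permissions block above and never stored as a
          #   repository secret.
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          publish_results: true

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v3   # placeholder version
        with:
          sarif_file: results.sarif
```

The security point is the one the PR makes: a PAT ties the workflow's credential to a human account's lifecycle and expiry, while `GITHUB_TOKEN` is minted per run and bounded by the job's `permissions` block, so there is no long-lived secret to store, rotate or lose access to.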

github-actions[bot] commented 6 months ago

Cat Gif