From 2eb6faa5083e2fb860dc5e9d70a1a4fa87063d7c Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Sat, 20 Jun 2026 14:38:34 +0000
Subject: [PATCH] chore: synced local '.github/workflows/ossf-scorecard.yml'
 with remote 'tools/sre_file_sync/ossf-scorecard.yml'

---
 .github/workflows/ossf-scorecard.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 6630c262aa..77b93291b4 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -9,6 +9,7 @@ on:
       - main
 
 permissions:
+  id-token: write
   contents: read
   issues: read
   pull-requests: read
@@ -48,9 +49,11 @@ jobs:
           jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
 
       - name: "Post results to Sentinel"
-        uses: cds-snc/sentinel-forward-data-action@01db4a9203054ecdb60ff368c3cdfca71d62e85f
+        uses: cds-snc/sentinel-forward-data-action@2b0831903177e4ba07c850c71ab2645f72cab269
         with:
           file_name: ossf-results-modified.json
-          log_type: GitHubMetadata_OSSF_Scorecard
-          log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
-          log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+          dce_endpoint: ${{ secrets.SENTINEL_DCE_ENDPOINT }}
+          dcr_rule_id: ${{ secrets.SENTINEL_DCR_RULE_ID_OSSF }}
+          stream_name: ${{ secrets.SENTINEL_STREAM_NAME_OSSF }}
+          azure_client_id: ${{ secrets.SENTINEL_V2_AZURE_CLIENT_ID }}
+          azure_tenant_id: ${{ secrets.SENTINEL_V2_AZURE_TENANT_ID }}