Adding SSF Badge (#335)

* Adding SSF Badge. Applying Linter recom to README.md file. * Fixing Token-Permissions. --------- Co-authored-by: Victor Saad Bueno Valadares <[email protected]>
Azure · Jan 20, 2025 · 8a3284e · 8a3284e
1 parent 9ba04cf
commit 8a3284e
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 22 deletions.
diff --git a/.github/workflows/armbuild.yml b/.github/workflows/armbuild.yml
@@ -1,6 +1,9 @@
 name: ARM Build Action
 on: push
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   build:
     name: ARM

diff --git a/.github/workflows/lint-code.yml b/.github/workflows/lint-code.yml
@@ -7,6 +7,9 @@
           - main
       workflow_dispatch: {}
 
+    # Declare default permissions as read only.
+    permissions: read-all
+
     jobs:
       super-linter:
         name: GitHub Super Linter

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
@@ -1,6 +1,9 @@
 name: Spellcheck Action
 on: push
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   build:
     name: Spellcheck

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -5,6 +5,9 @@ on:
       - main
   pull_request:
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   trivy-scanning-job:
     name: trivy-sec-scan

diff --git a/.github/workflows/wiki-sync.yml b/.github/workflows/wiki-sync.yml
@@ -10,6 +10,9 @@ on:
       - "docs/wiki/**"
   workflow_dispatch: {}
 
+# Declare default permissions as read only.
+permissions: read-all
+
 env:
   wiki_source_repo: "${{ github.repository }}"
   wiki_source_repo_dir: "${{ github.repository }}/docs/wiki"

diff --git a/README.md b/README.md
@@ -1,4 +1,12 @@
-# Navigation Menu
+# Enterprise-Scale for AVS
+
+Welcome to the Enterprise Scale for Azure VMware Solution (AVS) repository
+
+[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/Azure/Enterprise-Scale-for-AVS.svg)](http://isitmaintained.com/project/Azure/Enterprise-Scale-for-AVS "Average time to resolve an issue")
+[![Percentage of issues still open](http://isitmaintained.com/badge/open/Azure/Enterprise-Scale-for-AVS.svg)](http://isitmaintained.com/project/Azure/Enterprise-Scale-for-AVS "Percentage of issues still open")
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/Azure/Enterprise-Scale-for-AVS/badge)](https://scorecard.dev/viewer/?uri=github.com/Azure/Enterprise-Scale-for-AVS "OpenSSF Scorecard")
+
+## Navigation Menu
 
 * [Getting Started](GettingStarted.md)
 * Deployment Scenarios
@@ -10,14 +18,6 @@
 
 ---
 
-# Enterprise-Scale for AVS
-
-Welcome to the Enterprise Scale for Azure VMware Solution (AVS) repository
-
-[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/Azure/Enterprise-Scale-for-AVS.svg)](http://isitmaintained.com/project/Azure/Enterprise-Scale-for-AVS "Average time to resolve an issue")
-
-[![Percentage of issues still open](http://isitmaintained.com/badge/open/Azure/Enterprise-Scale-for-AVS.svg)](http://isitmaintained.com/project/Azure/Enterprise-Scale-for-AVS "Percentage of issues still open")
-
 ## User Guide
 
 To find out more about the Azure landing zones reference implementation, please refer to the [documentation on our Wiki](https://github.com/Azure/Enterprise-Scale-for-AVS/wiki)
@@ -28,7 +28,6 @@ Enterprise-scale for AVS represents the strategic design path and target technic
 
 ![Golden state platform foundation with AVS Landing Zone highlighted in red](./docs/images/azure-vmware-eslz-architecture.png)
 
-
 The enterprise-scale for AVS only talks about with what gets deployed in the specific AVS landing zone subscription highlighted by the red box in the picture above. It is assumed that an appropriate platform foundation is already setup which may or may not be the official ESLZ platform foundation. This means that policies and governance should already be in place or should be setup after this implementation and are not a part of the scope this program. The policies applied to management groups in the hierarchy above the subscription will trickle down to the Enterprise-scale for AVS landing zone subscription.
 
 This repository contains reference implementation scenarios based on a number of different scenarios. For each scenario, we have included both ARM and Bicep as the deployment languages
@@ -37,16 +36,15 @@ This repository contains reference implementation scenarios based on a number of
 
 In this repository, you get access to various customer scenarios that can help accelerate the development and deployment of AVS clusters that conform with Enterprise-Scale for AVS best practices and guidelines. Each scenario aims to represent common customer experiences with the goal of accelerating the process of developing and deploying conforming AVS clusters using IaC as well as providing a step-by-step learning experience.
 
-
 ## AVS Greenfield Deployment
 
 This deployment is best suited to those looking to provision a new AVS Private Cloud, the automation will let you choose and deploy the following:
-- AVS Private Cloud: Choose New or Existing
-- [Optional]: Choose New or Existing virtual network (VNet)
-- [Optional]: Deploy Dashboards and Monitoring
-- [Optional]: Enable Diagnostics and Logging for AVS
-- [Optional]: Enable HCX and SRM
 
+* AVS Private Cloud: Choose New or Existing
+* [Optional]: Choose New or Existing virtual network (VNet)
+* [Optional]: Deploy Dashboards and Monitoring
+* [Optional]: Enable Diagnostics and Logging for AVS
+* [Optional]: Enable HCX and SRM
 
 |Greenfield deployment options:          |                           |
 |:-------------------------------------|:------------------------: |
@@ -57,17 +55,16 @@ This deployment is best suited to those looking to provision a new AVS Private C
 ## AVS Greenfield Lite Deployment
 
 This deployment is a lite version of the full AVS Greenfield Deployment and will deploy the following:
-- New AVS Private Cloud - Allows for a custom resource group name and Private Cloud Name
-- or Choose an existing AVS Private Cloud
-- [Optional]: Deploy AVS Monitoring 
-- [Optional]: Deploy HCX and SRM
 
+* New AVS Private Cloud - Allows for a custom resource group name and Private Cloud Name
+* or Choose an existing AVS Private Cloud
+* [Optional]: Deploy AVS Monitoring
+* [Optional]: Deploy HCX and SRM
 
 |Greenfield Lite deployment:          |                           |
 |:-------------------------------------|:------------------------: |
 |Azure portal UI          |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale-for-AVS%2Fmain%2FAVS-Landing-Zone%2FGreenField%2520Lite%2FPortalUI%2FARM%2FGreenFieldLiteDeploy.deploy.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale-for-AVS%2Fmain%2FAVS-Landing-Zone%2FGreenField%2520Lite%2FPortalUI%2FARM%2FGreenFieldLiteDeploy.PortalUI.json)      |
 
-
 ## Terraform modules for additional deployment scenarios and samples
 
 We've created a number of additional Terraform modules for AVS related deployment activities. Details on these modules can be found in the [Terraform readme.](./terraform/readme.md)