From 9edb7906df5fe6b30eadd9acb1d78c628e14d77d Mon Sep 17 00:00:00 2001
From: Guillaume Hetier <guhetier@microsoft.com>
Date: Mon, 23 Feb 2026 09:17:38 -0800
Subject: [PATCH 1/2] Disable the scorecard analysis

---
 .github/workflows/scorecards-analysis.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 8d2053864a..a8ae612e36 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -1,10 +1,10 @@
 name: Scorecards supply-chain security
 
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
+on: workflow_dispatch
+#  push:
+#    branches: [ main ]
+#  pull_request:
+#    branches: [ main ]
 
 # Declare default permissions as read only.
 permissions: read-all

From e810e66feb80475c7cd408d4948a17f3cd840d0c Mon Sep 17 00:00:00 2001
From: Guillaume Hetier <guhetier@microsoft.com>
Date: Tue, 3 Mar 2026 17:42:58 -0800
Subject: [PATCH 2/2] Delete the token instead

---
 .github/workflows/scorecards-analysis.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index a8ae612e36..0fa9ade169 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -1,10 +1,10 @@
 name: Scorecards supply-chain security
 
-on: workflow_dispatch
-#  push:
-#    branches: [ main ]
-#  pull_request:
-#    branches: [ main ]
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -32,9 +32,6 @@ jobs:
         with:
           results_file: results.sarif
           results_format: sarif
-          # Read-only PAT token. To create it,
-          # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
-          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
           # Publish the results to enable scorecard badges. For more details, see
           # https://github.com/ossf/scorecard-action#publishing-results.
           # For private repositories, `publish_results` will automatically be set to `false`,