diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 56e8448b0c..58e4848046 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # tag=v3.25.7
+ uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # tag=v3.25.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/test-checks.yaml b/.github/workflows/test-checks.yaml
index 5f128e5e52..143258c6a8 100644
--- a/.github/workflows/test-checks.yaml
+++ b/.github/workflows/test-checks.yaml
@@ -41,7 +41,7 @@ jobs:
 ignore-unfixed: false
 severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f
+ uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 with:
 sarif_file: 'trivy-results.sarif'
@@ -61,13 +61,13 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 - name: Initialize CodeQL
- uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f
+ uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 with:
 languages: ${{ matrix.language }}
 - name: Autobuild
- uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f
+ uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f
+ uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 cocogitto:
 runs-on: ubuntu-latest
@@ -92,7 +92,7 @@ jobs:
 - uses: actions/checkout@v4
 - run: ./.bin/install-gitleaks-linux-x64.sh
 - run: ./gitleaks detect --exit-code 0 --report-format sarif --report-path "gitleaks.sarif"
- - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f
+ - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 with:
 sarif_file: 'gitleaks.sarif'
diff --git a/.github/workflows/test-code.yaml b/.github/workflows/test-code.yaml
index 8c53f1430c..cfe348c834 100644
--- a/.github/workflows/test-code.yaml
+++ b/.github/workflows/test-code.yaml
@@ -59,7 +59,7 @@ jobs:
 fs.writeFileSync('results.sarif', JSON.stringify(sarifJson, null, 2));
 EOF
 working-directory: ./app
- - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f
+ - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 with:
 sarif_file: app/results.sarif
diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml
index 5cac7b4619..fb996c847d 100644
--- a/.github/workflows/test-containers.yaml
+++ b/.github/workflows/test-containers.yaml
@@ -37,7 +37,7 @@ jobs:
 severity: CRITICAL
 timeout: 10m0s
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f
+ uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 with:
 sarif_file: 'trivy-results.sarif'
 - name: Get Results Length From Sarif
@@ -64,7 +64,7 @@ jobs:
 severity: CRITICAL
 timeout: 10m0s
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f
+ uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff
 with:
 sarif_file: 'trivy-results.sarif'
 - name: Get Results Length From Sarif