diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 877a553c99..627a157f92 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,7 +56,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -70,4 +70,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index c33bb6328c..7af137fd07 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -27,7 +27,7 @@ jobs: with: arguments: dependencyCheckAggregate - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 continue-on-error: true with: sarif_file: build/reports/dependency-check-report.sarif diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index b925a950e0..4373abad32 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -23,6 +23,6 @@ jobs: - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml index 751c819015..61da3ba522 100644 --- a/.github/workflows/qodana.yml +++ b/.github/workflows/qodana.yml @@ -26,7 +26,7 @@ jobs: - name: Qodana - Code Inspection uses: JetBrains/qodana-action@main - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json - name: View Instructions diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index e131d2d634..cb877ed711 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -50,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index d013d1d74b..f1067a8736 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -25,7 +25,7 @@ jobs: p/semgrep-rule-lints p/semgrep-misconfigurations - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: semgrep.sarif if: always() diff --git a/.github/workflows/snyke.yml b/.github/workflows/snyke.yml index 0ee4265a7d..b10f226b5d 100644 --- a/.github/workflows/snyke.yml +++ b/.github/workflows/snyke.yml @@ -29,7 +29,7 @@ jobs: continue-on-error: true run: ./gradlew snyk-test - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif - name: Run Snyk monitor