diff --git a/.github/workflows/.docker.yaml b/.github/workflows/.docker.yaml
index c57670c6b..ef2511e35 100644
--- a/.github/workflows/.docker.yaml
+++ b/.github/workflows/.docker.yaml
@@ -189,7 +189,7 @@ jobs:
 cache-db: true
 - name: upload Anchore scan SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
 trivy:
@@ -212,7 +212,7 @@ jobs:
 scanners: vuln,secret,misconfig,license
 - name: Upload Trivy scan results to GitHub Security tab
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: trivy-results-image.sarif
 dockle:
@@ -233,7 +233,7 @@ jobs:
 ignore: CIS-DI-0006
 - name: upload Dockle scan SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: dockle.sarif
 api_test:
diff --git a/.github/workflows/.lint.yaml b/.github/workflows/.lint.yaml
index 078072844..b688d81d8 100644
--- a/.github/workflows/.lint.yaml
+++ b/.github/workflows/.lint.yaml
@@ -149,7 +149,7 @@ jobs:
 ${{matrix.output == 'sarif' && '--output-file ruff.sarif' || ''}}
 - name: upload Ruff scan SARIF report
 if: matrix.output == 'sarif' && ( success() || failure() )
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: ruff.sarif
 - name: Commit and push applied Ruff fixes
@@ -226,7 +226,7 @@ jobs:
 cache-db: true
 - name: upload Anchore scan SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
 trivy:
@@ -269,7 +269,7 @@ jobs:
 scanners: vuln,secret,misconfig
 - name: Upload Trivy scan results to GitHub Security tab
 if: matrix.scan-type != 'fs' && ( success() || failure() )
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: ${{ matrix.output }}
 category: ${{ matrix.scan-type }}
@@ -337,7 +337,7 @@ jobs:
 output-file: hadolint.sarif
 - name: upload Hadolint scan SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 sarif_file: hadolint.sarif
 actionlint:
diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml
index 133385252..a3f7f6a03 100644
--- a/.github/workflows/daily-malicious-code-scan.lock.yml
+++ b/.github/workflows/daily-malicious-code-scan.lock.yml
@@ -1140,7 +1140,7 @@ jobs:
 path: /tmp/gh-aw/sarif/
 - name: Upload SARIF to GitHub Code Scanning
 id: upload_code_scanning_sarif
- uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+ uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 with:
 token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 sarif_file: /tmp/gh-aw/sarif/code-scanning-alert.sarif