From 1e70f3ea5bb8bd87698a41fa9214d5dcf4faf789 Mon Sep 17 00:00:00 2001
From: Thomas Roeblitz
Date: Fri, 22 Aug 2025 08:56:15 +0200
Subject: [PATCH 1/4] update upload-artifact version to 4.6.2
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 96379ba1..6dfef965 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,7 +67,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: SARIF file
 path: results.sarif
From 05ead1dbb9f8ac3de9cc76b1c3c74463efda115e Mon Sep 17 00:00:00 2001
From: Thomas Roeblitz
Date: Fri, 22 Aug 2025 09:05:28 +0200
Subject: [PATCH 2/4] also run scorecards when pushing/pull_requesting to develop branch
---
 .github/workflows/scorecards.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 6dfef965..2c2989ee 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -17,10 +17,9 @@ on:
 schedule:
 - cron: '25 15 * * 3'
 push:
- branches: [ "main" ]
+ branches: [ "main", "develop" ]
 pull_request:
- branches:
- main
+ branches: [ "main", "develop" ]
 # Declare default permissions as read only.
 permissions: read-all
From c6220febe469c4624b100ff633644195295daf34 Mon Sep 17 00:00:00 2001
From: Thomas Roeblitz
Date: Fri, 22 Aug 2025 09:12:12 +0200
Subject: [PATCH 3/4] change action version 4.3.3
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
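Review bot: PATCH 2/4 does not record whether the artifact and code-scanning upload steps later in this workflow (outside the hunk) are meant to run for `develop`, which the new `push` and `pull_request` branch filters now make them do. If the job publishes results or writes SARIF to code scanning, please confirm that runs for a non-default branch, and for pull requests targeting it, are intended; if they are not, the upload steps need a condition on the ref. Either way I would state the decision above the triggers, for example `# develop added for <reason>; uploads from non-default branches are <intended / not intended>`. The top-level `permissions: read-all` is unchanged here, so any write scope the uploads need is presumably granted at job level, which this hunk does not show.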
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 2c2989ee..5b8ff0c3 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -66,7 +66,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
 with:
 name: SARIF file
 path: results.sarif
From fc4d2045fb75e87814e3c5e3facbcad389d2d9fe Mon Sep 17 00:00:00 2001
From: Thomas Roeblitz
Date: Fri, 22 Aug 2025 09:21:49 +0200
Subject: [PATCH 4/4] update version of codeql-action/upload-sarif to v3.25.6
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 5b8ff0c3..a0025b23 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -74,6 +74,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+ uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
 with:
 sarif_file: results.sarif
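Review bot: PATCH 3/4 moves the `actions/upload-artifact` pin from v4.6.2 back to v4.3.3, one commit after PATCH 1/4 raised it, and neither the commit subject nor the workflow says why. Without a reason next to the pin, a dependency updater or the next maintainer is likely to bump it again and bring back whatever prompted the rollback; I would add a line above `uses:` such as `# pinned to v4.3.3 on purpose: <reason>; re-check before bumping`. Separately, the trailing `# v4.3.3` comment and, in PATCH 4/4, `# v3.25.6` are free text that nothing in the workflow checks, so each full commit SHA should be confirmed against the corresponding tag in the upstream repository before merging, because the SHA is what actually runs. The job these steps belong to starts outside both hunks.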