File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -39,23 +39,23 @@ jobs:
3939 - name : Checkout
4040 uses : actions/checkout@v4
4141
42- - name : Initialize CodeQL
43- uses : github/codeql-action/init@v3
44- with :
45- languages : ${{ matrix.language }}
46- queries : security-extended,security-and-quality
47-
4842 - name : Set up Go
4943 if : matrix.language == 'go'
5044 uses : actions/setup-go@v5
5145 with :
5246 go-version : " 1.22"
5347 cache-dependency-path : sdk/go/go.mod
5448
49+ - name : Initialize CodeQL
50+ uses : github/codeql-action/init@v4
51+ with :
52+ languages : ${{ matrix.language }}
53+ queries : security-extended,security-and-quality
54+
5555 - name : Build Go SDK
5656 if : matrix.language == 'go'
5757 working-directory : sdk/go
5858 run : go test ./...
5959
6060 - name : Perform CodeQL Analysis
61- uses : github/codeql-action/analyze@v3
61+ uses : github/codeql-action/analyze@v4
Original file line number Diff line number Diff line change @@ -13,9 +13,6 @@ permissions:
1313 id-token : write
1414 security-events : write
1515
16- env :
17- FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 : true
18-
1916concurrency :
2017 group : scorecard-${{ github.workflow }}-${{ github.ref }}
2118 cancel-in-progress : true
3835 publish_results : true
3936
4037 - name : Upload SARIF
41- uses : github/codeql-action/upload-sarif@v3
38+ uses : github/codeql-action/upload-sarif@v4
4239 with :
4340 sarif_file : scorecard.sarif
Original file line number Diff line number Diff line change @@ -8,7 +8,11 @@ Security fixes target the current `main` branch and the latest tagged release. O
88
99## Reporting a Vulnerability
1010
11- Use GitHub Private Vulnerability Reporting from the repository's ** Security** tab when it is enabled. Include:
11+ Use GitHub Private Vulnerability Reporting from the repository's ** Security** tab when it is enabled:
12+
13+ https://github.com/Kickflip73/agent-communication-protocol/security/advisories/new
14+
15+ Include:
1216
1317- A short description of the issue and affected component
1418- Reproduction steps or a proof of concept
@@ -25,4 +29,6 @@ Please avoid opening public GitHub issues for vulnerabilities until a maintainer
2529
2630## Security Documentation
2731
28- See [ docs/security.md] ( docs/security.md ) for the relay security model, identity notes, and operational hardening guidance.
32+ See the published security model for relay identity notes and operational hardening guidance:
33+
34+ https://kickflip73.github.io/agent-communication-protocol/security/
You can’t perform that action at this time.
0 commit comments