diff --git a/.github/workflows/generate-sboms.yml b/.github/workflows/generate-sboms.yml index 6440dc0875..4429d7a4bc 100644 --- a/.github/workflows/generate-sboms.yml +++ b/.github/workflows/generate-sboms.yml @@ -36,7 +36,7 @@ jobs: find scancodeio/ -type f -name "*.ABOUT" -exec cp {} "${{ env.INPUTS_PATH }}/about-files/" \; - name: Resolve the dependencies using ScanCode-action - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "resolve_dependencies:DynamicResolver" inputs-path: ${{ env.INPUTS_PATH }} diff --git a/.github/workflows/sca-integration-anchore.yml b/.github/workflows/sca-integration-anchore.yml index f57339fd02..2142467e08 100644 --- a/.github/workflows/sca-integration-anchore.yml +++ b/.github/workflows/sca-integration-anchore.yml @@ -43,7 +43,7 @@ jobs: retention-days: 20 - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "anchore-grype-sbom.cdx.json" diff --git a/.github/workflows/sca-integration-cdxgen.yml b/.github/workflows/sca-integration-cdxgen.yml index ded93df560..5955900387 100644 --- a/.github/workflows/sca-integration-cdxgen.yml +++ b/.github/workflows/sca-integration-cdxgen.yml @@ -46,7 +46,7 @@ jobs: retention-days: 20 - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "cdxgen-sbom.cdx.json" diff --git a/.github/workflows/sca-integration-cyclonedx-gomod.yml b/.github/workflows/sca-integration-cyclonedx-gomod.yml index ea39bd659f..4442329737 100644 --- a/.github/workflows/sca-integration-cyclonedx-gomod.yml +++ b/.github/workflows/sca-integration-cyclonedx-gomod.yml @@ -46,7 +46,7 @@ jobs: retention-days: 20 - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "gomod-sbom.cdx.json" diff --git a/.github/workflows/sca-integration-depscan.yml b/.github/workflows/sca-integration-depscan.yml index 76cb16aace..58c12d3072 100644 --- a/.github/workflows/sca-integration-depscan.yml +++ b/.github/workflows/sca-integration-depscan.yml @@ -51,7 +51,7 @@ jobs: run: pip uninstall --yes owasp-depscan - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "reports/sbom-docker.vdr.json" diff --git a/.github/workflows/sca-integration-ort-package-file.yml b/.github/workflows/sca-integration-ort-package-file.yml index 14ee50419d..57afa18f6f 100644 --- a/.github/workflows/sca-integration-ort-package-file.yml +++ b/.github/workflows/sca-integration-ort-package-file.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Analyze Docker image with ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "analyze_docker_image" input-urls: diff --git a/.github/workflows/sca-integration-ort.yml b/.github/workflows/sca-integration-ort.yml index 25f5d82fe4..1d13937af1 100644 --- a/.github/workflows/sca-integration-ort.yml +++ b/.github/workflows/sca-integration-ort.yml @@ -57,7 +57,7 @@ jobs: reporter - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "${{ env.ORT_RESULTS_PATH }}/bom.cyclonedx.json" @@ -96,7 +96,7 @@ jobs: reporter - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "${{ env.ORT_RESULTS_PATH }}/bom.cyclonedx.json" @@ -158,7 +158,7 @@ jobs: name: npm-mime-types-2.1.26-ort-sboms - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "bom.cyclonedx.json" @@ -184,7 +184,7 @@ jobs: name: npm-mime-types-2.1.26-ort-sboms - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "bom.cyclonedx.xml" @@ -210,7 +210,7 @@ jobs: name: npm-mime-types-2.1.26-ort-sboms - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "bom.spdx.json" @@ -236,7 +236,7 @@ jobs: name: npm-mime-types-2.1.26-ort-sboms - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "bom.spdx.yml" diff --git a/.github/workflows/sca-integration-osv-scanner.yml b/.github/workflows/sca-integration-osv-scanner.yml index 2bc594026f..29bf3ee418 100644 --- a/.github/workflows/sca-integration-osv-scanner.yml +++ b/.github/workflows/sca-integration-osv-scanner.yml @@ -51,7 +51,7 @@ jobs: retention-days: 20 - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "osv-sbom.spdx.json" diff --git a/.github/workflows/sca-integration-sbom-tool.yml b/.github/workflows/sca-integration-sbom-tool.yml index 14ef30c99b..44499d9098 100644 --- a/.github/workflows/sca-integration-sbom-tool.yml +++ b/.github/workflows/sca-integration-sbom-tool.yml @@ -52,7 +52,7 @@ jobs: path: sbom-output - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "sbom-output/_manifest/spdx_2.2/manifest.spdx.json" diff --git a/.github/workflows/sca-integration-trivy.yml b/.github/workflows/sca-integration-trivy.yml index c05e538cce..923a595293 100644 --- a/.github/workflows/sca-integration-trivy.yml +++ b/.github/workflows/sca-integration-trivy.yml @@ -45,7 +45,7 @@ jobs: retention-days: 20 - name: Import SBOM into ScanCode.io - uses: aboutcode-org/scancode-action@8adbf888f487c3cdf6c15386035769cd03a94c66 + uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b with: pipelines: "load_sbom" inputs-path: "trivy-report.sbom.json"