Skip to content
This repository was archived by the owner on Jun 16, 2026. It is now read-only.

Commit 20fa726

Browse files
committed
using main scanner
1 parent 0244b83 commit 20fa726

11 files changed

Lines changed: 18 additions & 18 deletions

.github/workflows/attest.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@ jobs:
8686
fi
8787
8888
- name: Get SBOM
89-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
89+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
9090
with:
9191
args: >
9292
sh -c "
@@ -95,7 +95,7 @@ jobs:
9595
env:
9696
API_ARTIFACT_NAME: ${{ env.API_ARTIFACT_NAME }}
9797
- name: Get VeX
98-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
98+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
9999
with:
100100
args: >
101101
sh -c "
@@ -104,14 +104,14 @@ jobs:
104104
env:
105105
API_ARTIFACT_NAME: ${{ env.API_ARTIFACT_NAME }}
106106
- name: Get SAST-Results
107-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
107+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
108108
with:
109109
args: >
110110
sh -c "
111111
slug=$(devguard-scanner slug ${{ github.ref_name }}) && devguard-scanner curl '${{ inputs.api-url }}/api/v1/organizations/${{ inputs.asset-name }}/refs/'$slug'/sarif.json' --token='${{ secrets.devguard-token }}' > sarif.json
112112
"
113113
- name: Attest SBOM
114-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
114+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
115115
with:
116116
args: >
117117
sh -c "
@@ -124,7 +124,7 @@ jobs:
124124
env:
125125
ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
126126
- name: Attest VeX
127-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
127+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
128128
with:
129129
args: >
130130
sh -c "
@@ -137,7 +137,7 @@ jobs:
137137
env:
138138
ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
139139
- name: Attest SAST-Results
140-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
140+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
141141
with:
142142
args: >
143143
sh -c "
@@ -155,7 +155,7 @@ jobs:
155155
with:
156156
name: build${{ inputs.image-suffix }}.provenance.json
157157
- name: Attest build-provenance.json
158-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
158+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
159159
continue-on-error: true
160160
with:
161161
args: >

.github/workflows/build-image.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ jobs:
6363
persist-credentials: false
6464
- name: In-Toto Provenance record start
6565
id: in-toto-start
66-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
66+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
6767
with:
6868
args: devguard-scanner intoto start --step=build --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }}
6969
continue-on-error: true
@@ -192,7 +192,7 @@ jobs:
192192
path: image-tag.txt
193193

194194
- name: In-Toto Provenance record stop
195-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
195+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
196196
with:
197197
args: devguard-scanner intoto stop --step=build --products=image-digest.txt --products=image-tag.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --generateSlsaProvenance
198198
continue-on-error: true

.github/workflows/code-risk-identification.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,6 @@ jobs:
4646
if: ${{ inputs.sarif-artifact-name != '' }}
4747

4848
- name: DevGuard Code Risk Identification
49-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
49+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
5050
with:
5151
args: devguard-scanner sarif ${{ inputs.sarif-file }} --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/container-scanning.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ jobs:
9797
if: inputs.fetch-image-from-registry == true
9898

9999
- name: DevGuard Container-Scanning
100-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
100+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
101101
with:
102102
args: devguard-scanner container-scanning --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.image-path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --failOnRisk=${{ inputs.fail-on-risk }} --failOnCVSS=${{ inputs.fail-on-cvss }} --artifactName=${{ env.ARTIFACT_NAME }} --webUI=${{ inputs.web-ui }}
103103
env:

.github/workflows/dependency-risk-identification.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,6 @@ jobs:
6363
if: ${{ inputs.sbom-artifact-name != '' }}
6464

6565
- name: DevGuard Dependency Risk Identification
66-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
66+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
6767
with:
6868
args: devguard-scanner sbom ${{ inputs.sbom-file }} --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --artifactName=${{ inputs.artifact-name }} --webUI=${{ inputs.web-ui }} --failOnRisk=${{ inputs.fail-on-risk }} --failOnCVSS=${{ inputs.fail-on-cvss }}

.github/workflows/deploy.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ jobs:
7373
run: echo "DIGEST=$(cat image-digest.txt)" >> $GITHUB_ENV
7474

7575
- name: In-Toto Provenance run
76-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
76+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
7777
with:
7878
args: devguard-scanner intoto run --step=deploy --materials=image-tag.txt --products=image-tag.txt --products=image-digest.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --supplyChainOutputDigest="${{ env.DIGEST }}"
7979
continue-on-error: true

.github/workflows/iac.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
persist-credentials: false
4040
fetch-depth: 0
4141
- name: DevGuard Infrastructure as Code
42-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
42+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
4343
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4444
with:
4545
args: devguard-scanner iac --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/secret-scanning.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ jobs:
4040
persist-credentials: false
4141
uses: actions/checkout@v4
4242
- name: DevGuard Secret-Scanning
43-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
43+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
4444
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4545
with:
4646
args: devguard-scanner secret-scanning --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/sign.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,6 @@ jobs:
5858
run: echo "IMAGE_TAG_AND_DIGEST=$(cat image-tag.txt)@$(cat image-digest.txt)" >> $GITHUB_ENV
5959

6060
- name: DevGuard Image-Signing
61-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
61+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
6262
with:
6363
args: devguard-scanner sign -u ${{ github.actor }} -r ghcr.io -p ${{ secrets.GITHUB_TOKEN }} --token="${{ secrets.devguard-token }}" ${{ env.IMAGE_TAG_AND_DIGEST }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }}

.github/workflows/software-composition-analysis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ jobs:
4747
persist-credentials: true # we need the credentials to be able to use the devguard-scanner in private repositories
4848
uses: actions/checkout@v4 # Check out the repository content to the runner
4949
- name: DevGuard SCA
50-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
50+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
5151
with:
5252
args: devguard-scanner sca --assetName=${{ inputs.asset-name }} --apiUrl=${{
5353
inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{

0 commit comments

Comments
 (0)