Skip to content
This repository was archived by the owner on Jun 16, 2026. It is now read-only.

Commit 441e9ed

Browse files
committed
fixes wrong ref
1 parent 73abe09 commit 441e9ed

11 files changed

Lines changed: 18 additions & 18 deletions

.github/workflows/attest.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ jobs:
7878
fi
7979
8080
- name: Get SBOM
81-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
81+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
8282
with:
8383
args: >
8484
sh -c "
@@ -87,7 +87,7 @@ jobs:
8787
env:
8888
API_ARTIFACT_NAME: ${{ env.API_ARTIFACT_NAME }}
8989
- name: Get VeX
90-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
90+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
9191
with:
9292
args: >
9393
sh -c "
@@ -96,14 +96,14 @@ jobs:
9696
env:
9797
API_ARTIFACT_NAME: ${{ env.API_ARTIFACT_NAME }}
9898
- name: Get SAST-Results
99-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
99+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
100100
with:
101101
args: >
102102
sh -c "
103103
slug=$(devguard-scanner slug ${{ github.ref_name }}) && devguard-scanner get '${{ inputs.api-url }}/api/v1/organizations/${{ inputs.asset-name }}/refs/'$slug'/sarif.json' --token='${{ secrets.devguard-token }}' > sarif.json
104104
"
105105
- name: Attest SBOM
106-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
106+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
107107
with:
108108
args: >
109109
sh -c "
@@ -116,7 +116,7 @@ jobs:
116116
env:
117117
ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
118118
- name: Attest VeX
119-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
119+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
120120
with:
121121
args: >
122122
sh -c "
@@ -129,7 +129,7 @@ jobs:
129129
env:
130130
ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
131131
- name: Attest SAST-Results
132-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
132+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
133133
with:
134134
args: >
135135
sh -c "
@@ -147,7 +147,7 @@ jobs:
147147
with:
148148
name: build${{ inputs.image-suffix }}.provenance.json
149149
- name: Attest build-provenance.json
150-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
150+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
151151
continue-on-error: true
152152
with:
153153
args: >

.github/workflows/build-image.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ jobs:
6363
persist-credentials: false
6464
- name: In-Toto Provenance record start
6565
id: in-toto-start
66-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
66+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
6767
with:
6868
args: devguard-scanner intoto start --step=build --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }}
6969
continue-on-error: true
@@ -192,7 +192,7 @@ jobs:
192192
path: image-tag.txt
193193

194194
- name: In-Toto Provenance record stop
195-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
195+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
196196
with:
197197
args: devguard-scanner intoto stop --step=build --products=image-digest.txt --products=image-tag.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --generateSlsaProvenance
198198
continue-on-error: true

.github/workflows/code-risk-identification.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,6 @@ jobs:
4646
if: ${{ inputs.sarif-artifact-name != '' }}
4747

4848
- name: DevGuard Code Risk Identification
49-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
49+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
5050
with:
5151
args: devguard-scanner sarif ${{ inputs.sarif-file }} --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/container-scanning.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ jobs:
9797
if: inputs.fetch-image-from-registry == true
9898

9999
- name: DevGuard Container-Scanning
100-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
100+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
101101
with:
102102
args: devguard-scanner container-scanning --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.image-path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --failOnRisk=${{ inputs.fail-on-risk }} --failOnCVSS=${{ inputs.fail-on-cvss }} --artifactName=${{ env.ARTIFACT_NAME }} --webUI=${{ inputs.web-ui }}
103103
env:

.github/workflows/dependency-risk-identification.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,6 @@ jobs:
6363
if: ${{ inputs.sbom-artifact-name != '' }}
6464

6565
- name: DevGuard Dependency Risk Identification
66-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
66+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
6767
with:
6868
args: devguard-scanner sbom ${{ inputs.sbom-file }} --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --artifactName=${{ inputs.artifact-name }} --webUI=${{ inputs.web-ui }} --failOnRisk=${{ inputs.fail-on-risk }} --failOnCVSS=${{ inputs.fail-on-cvss }}

.github/workflows/deploy.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ jobs:
6868
run: echo "DIGEST=$(cat image-digest.txt)" >> $GITHUB_ENV
6969

7070
- name: In-Toto Provenance run
71-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
71+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
7272
with:
7373
args: devguard-scanner intoto run --step=deploy --materials=image-tag.txt --products=image-tag.txt --products=image-digest.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --supplyChainOutputDigest="${{ env.DIGEST }}"
7474
continue-on-error: true

.github/workflows/iac.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
persist-credentials: false
4040
fetch-depth: 0
4141
- name: DevGuard Infrastructure as Code
42-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
42+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
4343
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4444
with:
4545
args: devguard-scanner iac --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/sast.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
fetch-depth: 0
4040
persist-credentials: false
4141
- name: DevGuard Static application security testing
42-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
42+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
4343
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4444
with:
4545
args: devguard-scanner sast --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/secret-scanning.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ jobs:
4040
persist-credentials: false
4141
uses: actions/checkout@v4
4242
- name: DevGuard Secret-Scanning
43-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
43+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
4444
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4545
with:
4646
args: devguard-scanner secret-scanning --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/sign.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,6 @@ jobs:
5151
run: echo "IMAGE_TAG_AND_DIGEST=$(cat image-tag.txt)@$(cat image-digest.txt)" >> $GITHUB_ENV
5252

5353
- name: DevGuard Image-Signing
54-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest-latest
54+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main-latest
5555
with:
5656
args: devguard-scanner sign -u ${{ github.actor }} -r ghcr.io -p ${{ secrets.GITHUB_TOKEN }} --token="${{ secrets.devguard-token }}" ${{ env.IMAGE_TAG_AND_DIGEST }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }}

0 commit comments

Comments
 (0)