Skip to content
This repository was archived by the owner on Jun 16, 2026. It is now read-only.

Commit c0d0514

Browse files
committed
chore: using main devguard scanner
1 parent 84360a7 commit c0d0514

11 files changed

Lines changed: 19 additions & 19 deletions

.github/workflows/attest.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ jobs:
8787
echo "Resolved artifact name for attestation: ${{ inputs.artifact-name }}"
8888
8989
- name: Get and Attest SBOM
90-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
90+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
9191
with:
9292
args: |
9393
sh -c "
@@ -108,7 +108,7 @@ jobs:
108108
API_ARTIFACT_NAME: ${{ env.API_ARTIFACT_NAME }}
109109
ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
110110
- name: Get and Attest VeX
111-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
111+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
112112
with:
113113
args: |
114114
sh -c "
@@ -129,7 +129,7 @@ jobs:
129129
API_ARTIFACT_NAME: ${{ env.API_ARTIFACT_NAME }}
130130
ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
131131
- name: Get and Attest SAST-Results
132-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
132+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
133133
with:
134134
args: |
135135
sh -c "
@@ -153,7 +153,7 @@ jobs:
153153
with:
154154
name: build${{ inputs.image-suffix }}.provenance.json
155155
- name: Attest build-provenance.json
156-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
156+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
157157
continue-on-error: true
158158
with:
159159
args: |

.github/workflows/build-image.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ jobs:
7474
7575
- name: In-Toto Provenance record start
7676
id: in-toto-start
77-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
77+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
7878
with:
7979
args: devguard-scanner intoto start --step=build --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }}
8080
continue-on-error: true
@@ -110,7 +110,7 @@ jobs:
110110
docker run --rm \
111111
-v "$GITHUB_WORKSPACE:/workspace" \
112112
-w /workspace \
113-
ghcr.io/l3montree-dev/devguard/scanner:v1.3.0 \
113+
ghcr.io/l3montree-dev/devguard/scanner:main \
114114
crane digest --tarball="${IMAGE_DESTINATION_PATH}" > image-digest.txt
115115
env:
116116
IMAGE_DESTINATION_PATH: ${{ inputs.image-destination-path }}
@@ -142,7 +142,7 @@ jobs:
142142
docker run --rm \
143143
-e IMAGE_PATH \
144144
-e GITHUB_REF_NAME \
145-
ghcr.io/l3montree-dev/devguard/scanner:v1.3.0 \
145+
ghcr.io/l3montree-dev/devguard/scanner:main \
146146
devguard-scanner generate-tag \
147147
--imagePath="$IMAGE_PATH" \
148148
--ref="$GITHUB_REF_NAME" \
@@ -164,7 +164,7 @@ jobs:
164164
docker run --rm \
165165
--user 53111:53111 \
166166
-v "${HOME}/.docker:/tmp/.docker" \
167-
ghcr.io/l3montree-dev/devguard/scanner:v1.3.0 \
167+
ghcr.io/l3montree-dev/devguard/scanner:main \
168168
crane auth login ghcr.io -u ${{ github.actor }} -p ${{ github.token }}
169169
if: inputs.disable-artifact-registry-as-image-store == true
170170

@@ -174,7 +174,7 @@ jobs:
174174
-v "$GITHUB_WORKSPACE:/workspace" \
175175
-w /workspace \
176176
-v "${HOME}/.docker:/tmp/.docker:ro" \
177-
ghcr.io/l3montree-dev/devguard/scanner:v1.3.0 \
177+
ghcr.io/l3montree-dev/devguard/scanner:main \
178178
crane push "${IMAGE_DESTINATION_PATH}" "$(cat image-tag.txt)"
179179
env:
180180
IMAGE_DESTINATION_PATH: ${{ inputs.image-destination-path }}
@@ -223,7 +223,7 @@ jobs:
223223
path: image-tag.txt
224224

225225
- name: In-Toto Provenance record stop
226-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
226+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
227227
with:
228228
args: devguard-scanner intoto stop --step=build --products=image-digest.txt --products=image-tag.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --generateSlsaProvenance --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }}
229229
continue-on-error: true

.github/workflows/code-risk-identification.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,6 @@ jobs:
4646
if: ${{ inputs.sarif-artifact-name != '' }}
4747

4848
- name: DevGuard Code Risk Identification
49-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
49+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
5050
with:
5151
args: devguard-scanner sarif ${{ inputs.sarif-file }} --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/container-scanning.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ jobs:
9797
if: inputs.fetch-image-from-registry == true
9898

9999
- name: DevGuard Container-Scanning
100-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
100+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
101101
with:
102102
args: devguard-scanner container-scanning --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.image-path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --failOnRisk=${{ inputs.fail-on-risk }} --failOnCVSS=${{ inputs.fail-on-cvss }} --artifactName=${{ env.ARTIFACT_NAME }} --webUI=${{ inputs.web-ui }}
103103
env:

.github/workflows/dependency-risk-identification.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,6 @@ jobs:
6363
if: ${{ inputs.sbom-artifact-name != '' }}
6464

6565
- name: DevGuard Dependency Risk Identification
66-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
66+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
6767
with:
6868
args: devguard-scanner sbom ${{ inputs.sbom-file }} --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --artifactName=${{ inputs.artifact-name }} --webUI=${{ inputs.web-ui }} --failOnRisk=${{ inputs.fail-on-risk }} --failOnCVSS=${{ inputs.fail-on-cvss }}

.github/workflows/deploy.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ jobs:
7373
run: echo "DIGEST=$(cat image-digest.txt)" >> $GITHUB_ENV
7474

7575
- name: In-Toto Provenance run
76-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
76+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
7777
with:
7878
args: devguard-scanner intoto run --step=deploy --materials=image-tag.txt --products=image-tag.txt --products=image-digest.txt --token=${{ secrets.devguard-token }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }} --supplyChainId=${{ github.sha }} --supplyChainOutputDigest="${{ env.DIGEST }}" --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }}
7979
continue-on-error: true

.github/workflows/iac.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
persist-credentials: false
4040
fetch-depth: 0
4141
- name: DevGuard Infrastructure as Code
42-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
42+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
4343
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4444
with:
4545
args: devguard-scanner iac --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/secret-scanning.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ jobs:
4040
persist-credentials: false
4141
uses: actions/checkout@v4
4242
- name: DevGuard Secret-Scanning
43-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
43+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
4444
continue-on-error: ${{ inputs.continue-on-open-code-risk }}
4545
with:
4646
args: devguard-scanner secret-scanning --assetName=${{ inputs.asset-name }} --apiUrl=${{ inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{ inputs.path }} --defaultRef=${{ github.event.repository.default_branch }} --isTag=${{ github.ref_type == 'tag' }} --ref=${{ github.ref_name }} --webUI=${{ inputs.web-ui }}

.github/workflows/sign.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,6 @@ jobs:
5858
run: echo "IMAGE_TAG_AND_DIGEST=$(cat image-tag.txt)@$(cat image-digest.txt)" >> $GITHUB_ENV
5959

6060
- name: DevGuard Image-Signing
61-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
61+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
6262
with:
6363
args: devguard-scanner sign -u ${{ github.actor }} -r ghcr.io -p ${{ secrets.GITHUB_TOKEN }} --token="${{ secrets.devguard-token }}" ${{ env.IMAGE_TAG_AND_DIGEST }} --apiUrl=${{ inputs.api-url }} --assetName=${{ inputs.asset-name }}

.github/workflows/software-composition-analysis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ jobs:
4747
persist-credentials: true # we need the credentials to be able to use the devguard-scanner in private repositories
4848
uses: actions/checkout@v4 # Check out the repository content to the runner
4949
- name: DevGuard SCA
50-
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:v1.3.0
50+
uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
5151
with:
5252
args: devguard-scanner sca --assetName=${{ inputs.asset-name }} --apiUrl=${{
5353
inputs.api-url }} --token="${{ secrets.devguard-token }}" --path=${{

0 commit comments

Comments
 (0)