Skip to content

chore(deps): update step-security/harden-runner action to v2.12.1#884

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/step-security-harden-runner-2.x
Jun 12, 2025
Merged

chore(deps): update step-security/harden-runner action to v2.12.1#884
renovate[bot] merged 1 commit into
masterfrom
renovate/step-security-harden-runner-2.x

Conversation

@renovate

@renovate renovate Bot commented Jun 11, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action patch v2.12.0 -> v2.12.1

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.12.1

Compare Source

What's Changed
  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file github-actions labels Jun 11, 2025
@github-actions

github-actions Bot commented Jun 11, 2025

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/step-security/harden-runner 002fdce3c6a235733a90a27c80493a3241e56863 🟢 8.7
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 107 out of 7 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected

Scanned Files

  • .github/workflows/dependency-review.yml

@renovate renovate Bot force-pushed the renovate/step-security-harden-runner-2.x branch from 7367482 to c9b5553 Compare June 11, 2025 21:44
@renovate renovate Bot merged commit 33a1d20 into master Jun 12, 2025
6 checks passed
@renovate renovate Bot deleted the renovate/step-security-harden-runner-2.x branch June 12, 2025 03:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github-actions

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants