1919 actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
2020 steps :
2121 - name : Harden Runner
22- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
22+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
2323 with :
2424 egress-policy : audit
2525 - name : Checkout code
3939 - name : Checkout the code
4040 uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
4141 - name : Scan the source code and upload dependency results
42- uses : anchore/sbom-action@ace0b9722a703812d78949ee4ac5b90de1c0eba2
42+ uses : anchore/sbom-action@c7f031d9249a826a082ea14c79d3b686a51d485a
4343 with :
4444 path : .
4545 dependency-snapshot : true
5353 node-version : [16.x, 18.x, 20.x]
5454 steps :
5555 - name : Harden Runner
56- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
56+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
5757 with :
5858 egress-policy : audit
5959 - name : Checkout Repository to Runner Context
7575 node-version : [16.x, 18.x, 20.x]
7676 steps :
7777 - name : Harden Runner
78- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
78+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
7979 with :
8080 egress-policy : audit
8181
@@ -105,20 +105,20 @@ jobs:
105105 language : ["javascript-typescript"]
106106 steps :
107107 - name : Harden Runner
108- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
108+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
109109 with :
110110 egress-policy : audit
111111 - name : Checkout repository
112112 uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
113113
114114 - name : Initialize CodeQL
115- uses : github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
115+ uses : github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
116116 with :
117117 languages : ${{ matrix.language }}
118118 - name : Autobuild
119- uses : github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
119+ uses : github/codeql-action/autobuild@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
120120 - name : Perform CodeQL Analysis
121- uses : github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
121+ uses : github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
122122 with :
123123 category : " /language:${{matrix.language}}"
124124 sast_sonar :
@@ -129,7 +129,7 @@ jobs:
129129 needs : test
130130 steps :
131131 - name : Harden Runner
132- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
132+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
133133 with :
134134 egress-policy : audit
135135 - name : Analyze with SonarCloud
@@ -150,7 +150,7 @@ jobs:
150150 needs : test
151151 steps :
152152 - name : Harden Runner
153- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
153+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
154154 with :
155155 egress-policy : audit
156156 - name : " Checkout code"
@@ -171,7 +171,7 @@ jobs:
171171 path : results.sarif
172172 retention-days : 5
173173 - name : " Upload to code-scanning"
174- uses : github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
174+ uses : github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
175175 with :
176176 sarif_file : results.sarif
177177 build-and-push-image :
@@ -183,13 +183,13 @@ jobs:
183183 needs : sast_codeql
184184 steps :
185185 - name : Harden Runner
186- uses : step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
186+ uses : step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
187187 with :
188188 egress-policy : audit
189189 - name : Checkout repository
190190 uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
191191 - name : Log in to the Container registry
192- uses : docker/login-action@1f401f745bf57e30b3a2800ad308a87d2ebdf14b
192+ uses : docker/login-action@3d58c274f17dffee475a5520cbe67f0a882c4dbb
193193 with :
194194 registry : ghcr.io
195195 username : ${{ github.actor }}
@@ -199,7 +199,7 @@ jobs:
199199 docker build -t ghcr.io/stormsinbrewing/savvy-devsecops .
200200 docker push ghcr.io/stormsinbrewing/savvy-devsecops
201201 - name : Image SBOM Scan with Syft
202- uses : anchore/sbom-action@ace0b9722a703812d78949ee4ac5b90de1c0eba2
202+ uses : anchore/sbom-action@c7f031d9249a826a082ea14c79d3b686a51d485a
203203 with :
204204 image : " ghcr.io/stormsinbrewing/savvy-devsecops"
205205 dependency-snapshot : true
0 commit comments