From 3a26a7f627031efbcbad2eb88182fd3959ea85a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 07:45:59 +0000
Subject: [PATCH] build(deps): bump github/codeql-action from 1.1.39 to 3.24.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.39 to 3.24.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v1.1.39...v3.24.8)

---
updated-dependencies:
- dependency-name: github/codeql-action
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/anchore.yml | 2 +-
 .github/workflows/apisec-scan.yml | 2 +-
 .github/workflows/bearer.yml | 2 +-
 .github/workflows/brakeman.yml | 2 +-
 .github/workflows/checkmarx-one.yml | 2 +-
 .github/workflows/checkmarx.yml | 2 +-
 .github/workflows/clj-holmes.yml | 2 +-
 .github/workflows/clj-watson.yml | 2 +-
 .github/workflows/cloudrail.yml | 2 +-
 .github/workflows/codacy.yml | 2 +-
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/codescan.yml | 2 +-
 .github/workflows/contrast-scan.yml | 2 +-
 .github/workflows/credo.yml | 2 +-
 .github/workflows/datree.yml | 2 +-
 .github/workflows/defender-for-devops.yml | 2 +-
 .github/workflows/detekt.yml | 2 +-
 .github/workflows/devskim.yml | 2 +-
 .github/workflows/endorlabs.yml | 2 +-
 .github/workflows/eslint.yml | 2 +-
 .github/workflows/ethicalcheck.yml | 2 +-
 .github/workflows/flawfinder.yml | 2 +-
 .github/workflows/fortify.yml | 2 +-
 .github/workflows/hadolint.yml | 2 +-
 .github/workflows/kubesec.yml | 2 +-
 .github/workflows/lintr.yml | 2 +-
 .github/workflows/mayhem-for-api.yml | 2 +-
 .github/workflows/mobsf.yml | 2 +-
 .github/workflows/msvc.yml | 2 +-
 .github/workflows/njsscan.yml | 2 +-
 .github/workflows/nowsecure.yml | 2 +-
 .github/workflows/ossar-analysis.yml | 2 +-
 .github/workflows/ossar.yml | 2 +-
 .github/workflows/phpmd.yml | 2 +-
 .github/workflows/pmd.yml | 2 +-
 .github/workflows/powershell.yml | 2 +-
 .github/workflows/prisma.yml | 2 +-
 .github/workflows/psalm.yml | 2 +-
 .github/workflows/puppet-lint.yml | 2 +-
 .github/workflows/rubocop.yml | 2 +-
 .github/workflows/rust-clippy.yml | 2 +-
 .github/workflows/scorecard.yml | 2 +-
 .github/workflows/securitycodescan.yml | 2 +-
 .github/workflows/semgrep.yml | 2 +-
 .github/workflows/snyk-container.yml | 2 +-
 .github/workflows/snyk-infrastructure.yml | 2 +-
 .github/workflows/snyk-security.yml | 2 +-
 .github/workflows/sobelow.yml | 2 +-
 .github/workflows/soos-dast-scan.yml | 2 +-
 .github/workflows/synopsys-io.yml | 2 +-
 .github/workflows/sysdig-scan.yml | 2 +-
 .github/workflows/tfsec.yml | 2 +-
 .github/workflows/trivy.yml | 2 +-
 .github/workflows/veracode-analysis.yml | 2 +-
 .github/workflows/veracode.yml | 2 +-
 .github/workflows/xanitizer.yml | 2 +-
 .github/workflows/zscaler-iac-scan.yml | 2 +-
 .github/workflows/zscan.yml | 2 +-
 59 files changed, 63 insertions(+), 63 deletions(-)

diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
index 958a549ac..2ecb4ccce 100644
--- a/.github/workflows/anchore.yml
+++ b/.github/workflows/anchore.yml
@@ -48,6 +48,6 @@ jobs:
 fail-build: true
 severity-cutoff: critical
 - name: Upload vulnerability report
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml
index 8519958ec..a29e57e39 100644
--- a/.github/workflows/apisec-scan.yml
+++ b/.github/workflows/apisec-scan.yml
@@ -71,6 +71,6 @@ jobs:
 # The name of the sarif format result file The file is written only if this property is provided.
 sarif-result-file: "apisec-results.sarif"
 - name: Import results
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ./apisec-results.sarif
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index dac5d5f50..eaf3367a5 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -43,6 +43,6 @@ jobs:
 exit-code: 0
 # Upload SARIF file generated in previous step
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/brakeman.yml b/.github/workflows/brakeman.yml
index fbc2d8e98..aae0f26d8 100644
--- a/.github/workflows/brakeman.yml
+++ b/.github/workflows/brakeman.yml
@@ -58,6 +58,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: output.sarif.json
diff --git a/.github/workflows/checkmarx-one.yml b/.github/workflows/checkmarx-one.yml
index b2f7bf5c5..5b0a77c81 100644
--- a/.github/workflows/checkmarx-one.yml
+++ b/.github/workflows/checkmarx-one.yml
@@ -54,7 +54,7 @@ jobs:
 cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: cx_result.sarif
diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
index ddfa96ec2..7a909a606 100644
--- a/.github/workflows/checkmarx.yml
+++ b/.github/workflows/checkmarx.yml
@@ -55,6 +55,6 @@ jobs:
 params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filter-severity --cx-flow.filter-category --checkmarx.disable-clubbing=true --repo-url=${{ github.event.repository.url }}
 # Upload the Report for CodeQL/Security Alerts
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: cx.sarif
diff --git a/.github/workflows/clj-holmes.yml b/.github/workflows/clj-holmes.yml
index 90ea294e2..5eaf2c7ae 100644
--- a/.github/workflows/clj-holmes.yml
+++ b/.github/workflows/clj-holmes.yml
@@ -43,7 +43,7 @@ jobs:
 fail-on-result: 'false'
 - name: Upload analysis results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/clj-watson.yml b/.github/workflows/clj-watson.yml
index a1e5d3bbf..1836d7b8e 100644
--- a/.github/workflows/clj-watson.yml
+++ b/.github/workflows/clj-watson.yml
@@ -53,7 +53,7 @@ jobs:
 fail-on-result: false
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{github.workspace}}/clj-watson-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/cloudrail.yml b/.github/workflows/cloudrail.yml
index 5ce8e8db0..629a4f38d 100644
--- a/.github/workflows/cloudrail.yml
+++ b/.github/workflows/cloudrail.yml
@@ -58,7 +58,7 @@ jobs:
 cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 # Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
 # is needed to ensure the SARIF file is uploaded
 if: always()
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 54d9c789b..0cc0d73a4 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -61,6 +61,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 82ec573bc..2cfa41daa 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -51,7 +51,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@eab49d76a36ac164bf08006f3efdba5c4c9c328c # main
+ uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # main
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
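Review bot: The added `init` line in codeql-analysis.yml keeps the trailing comment `# main` although the SHA it now pins, `05963f47d870e2cb19a537396c1f668a348c7d8f`, is the one every other file in this patch labels `# v3.24.8`; the `autobuild` and `analyze` lines in the next two hunks of the same file carry the same stale comment. That comment is how a reader, and apparently Dependabot's own pin tracking, tells which release a bare SHA corresponds to, so a wrong label is worse than none. Suggest `uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8` and the same `# v3.24.8` label on the two other lines. Whether this file was deliberately tracking `main` before the bump is not visible here; if so, the pin should still name the release it resolved to.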
@@ -62,7 +62,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@eab49d76a36ac164bf08006f3efdba5c4c9c328c # main
+ uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # main
 # ℹī¸ Command-line programs to run using the OS shell.
 # 📚 https://git.io/JvXDl
@@ -76,5 +76,5 @@ jobs:
 # make release
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@eab49d76a36ac164bf08006f3efdba5c4c9c328c # main
+ uses: github/codeql-action/analyze@05963f47d870e2cb19a537396c1f668a348c7d8f # main
\ No newline at end of file
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 17aba8a99..65fa091d9 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -60,7 +60,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+ uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -74,7 +74,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+ uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 # ℹī¸ Command-line programs to run using the OS shell.
 # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -87,6 +87,6 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+ uses: github/codeql-action/analyze@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/codescan.yml b/.github/workflows/codescan.yml
index 892ef508a..87a2d3081 100644
--- a/.github/workflows/codescan.yml
+++ b/.github/workflows/codescan.yml
@@ -49,6 +49,6 @@ jobs:
 organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
 projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: codescan.sarif
diff --git a/.github/workflows/contrast-scan.yml b/.github/workflows/contrast-scan.yml
index 227b8d0f3..ec2fae2d4 100644
--- a/.github/workflows/contrast-scan.yml
+++ b/.github/workflows/contrast-scan.yml
@@ -53,6 +53,6 @@ jobs:
 authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
 #Upload the results to GitHub
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output
diff --git a/.github/workflows/credo.yml b/.github/workflows/credo.yml
index af538274d..ef1340501 100644
--- a/.github/workflows/credo.yml
+++ b/.github/workflows/credo.yml
@@ -60,7 +60,7 @@ jobs:
 - name: credo-scan
 run: mix credo --format=sarif > credo_output.sarif
 - name: upload sarif
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: credo_output.sarif
diff --git a/.github/workflows/datree.yml b/.github/workflows/datree.yml
index 6b962c08b..f1110102c 100644
--- a/.github/workflows/datree.yml
+++ b/.github/workflows/datree.yml
@@ -47,6 +47,6 @@ jobs:
 # Setting a SARIF output will generate a file named "datree.sarif" containing your test results
 cliArguments: "-o sarif"
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: datree.sarif
diff --git a/.github/workflows/defender-for-devops.yml b/.github/workflows/defender-for-devops.yml
index b57bca99e..29b49c061 100644
--- a/.github/workflows/defender-for-devops.yml
+++ b/.github/workflows/defender-for-devops.yml
@@ -47,6 +47,6 @@ jobs:
 uses: microsoft/security-devops-action@e94440350ed10e2806d47cd0d7504a2c51abdbe9 # v1.6.0
 id: msdo
 - name: Upload results to Security tab
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml
index 1241358a3..5600061a6 100644
--- a/.github/workflows/detekt.yml
+++ b/.github/workflows/detekt.yml
@@ -116,7 +116,7 @@ jobs:
 )" > ${{ github.workspace }}/detekt.sarif.json
 # Uploads results to GitHub repository using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: ${{ github.workspace }}/detekt.sarif.json
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index 0ae892903..48d560b0c 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -37,6 +37,6 @@ jobs:
 uses: microsoft/DevSkim-Action@b41921d947434b27f90b8949f8bfbe056e706bf6 # v1.0.11
 - name: Upload DevSkim scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: devskim-results.sarif
diff --git a/.github/workflows/endorlabs.yml b/.github/workflows/endorlabs.yml
index de3a52e7f..c69c9c239 100644
--- a/.github/workflows/endorlabs.yml
+++ b/.github/workflows/endorlabs.yml
@@ -54,6 +54,6 @@ jobs:
 ci_run: "false"
 sarif_file: findings.sarif
 - name: Upload SARIF to github
- uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f
 with:
 sarif_file: findings.sarif
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index b873893a9..5b7d4bcf3 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
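Review bot: The added `upload-sarif` line in endorlabs.yml pins the SHA without the `# v3.24.8` comment that the other files in this patch carry, so nothing in the workflow tells a reader which release `05963f47d870e2cb19a537396c1f668a348c7d8f` corresponds to, and a bare SHA is what the pin-audit tooling and Dependabot itself key on when deciding whether a pin is current. Suggest `uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8` to match the rest of the repository. The removed line had the same omission, so this is inherited rather than introduced, but the bump is the natural place to fix it.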
@@ -52,7 +52,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: eslint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/ethicalcheck.yml b/.github/workflows/ethicalcheck.yml
index f4f17c58c..e409704c9 100644
--- a/.github/workflows/ethicalcheck.yml
+++ b/.github/workflows/ethicalcheck.yml
@@ -68,7 +68,7 @@ jobs:
 sarif-result-file: "ethicalcheck-results.sarif"
 - name: Upload sarif file to repository
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ./ethicalcheck-results.sarif
diff --git a/.github/workflows/flawfinder.yml b/.github/workflows/flawfinder.yml
index ee49f9cc7..41733c63c 100644
--- a/.github/workflows/flawfinder.yml
+++ b/.github/workflows/flawfinder.yml
@@ -41,6 +41,6 @@ jobs:
 output: 'flawfinder_results.sarif'
 - name: Upload analysis results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{github.workspace}}/flawfinder_results.sarif
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 1772542cf..91d937090 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -101,6 +101,6 @@ jobs:
 # Import Fortify on Demand results to GitHub Security Code Scanning
 - name: Import Results
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ./gh-fortify-sast.sarif
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
index 6272c6b1a..b48acc36c 100644
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -46,7 +46,7 @@ jobs:
 no-fail: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: hadolint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/kubesec.yml b/.github/workflows/kubesec.yml
index ea4554a00..b825d0e4e 100644
--- a/.github/workflows/kubesec.yml
+++ b/.github/workflows/kubesec.yml
@@ -44,6 +44,6 @@ jobs:
 exit-code: "0"
 - name: Upload Kubesec scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: kubesec-results.sarif
diff --git a/.github/workflows/lintr.yml b/.github/workflows/lintr.yml
index a9a21c7ff..50362ec84 100644
--- a/.github/workflows/lintr.yml
+++ b/.github/workflows/lintr.yml
@@ -54,7 +54,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: lintr-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/mayhem-for-api.yml b/.github/workflows/mayhem-for-api.yml
index 14a0c5360..4bd0c1d38 100644
--- a/.github/workflows/mayhem-for-api.yml
+++ b/.github/workflows/mayhem-for-api.yml
@@ -69,6 +69,6 @@ jobs:
 sarif-report: mapi.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: mapi.sarif
diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml
index a70fde6e5..54bb55ea0 100644
--- a/.github/workflows/mobsf.yml
+++ b/.github/workflows/mobsf.yml
@@ -43,6 +43,6 @@ jobs:
 args: . --sarif --output results.sarif || true
 - name: Upload mobsfscan report
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
index 33e4fe840..3857fa816 100644
--- a/.github/workflows/msvc.yml
+++ b/.github/workflows/msvc.yml
@@ -59,7 +59,7 @@ jobs:
 # Upload SARIF file to GitHub Code Scanning Alerts
 - name: Upload SARIF to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 6a0e69408..5236f0031 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -42,6 +42,6 @@ jobs:
 with:
 args: '. --sarif --output results.sarif || true'
 - name: Upload njsscan report
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/nowsecure.yml b/.github/workflows/nowsecure.yml
index c58734901..47c66af8b 100644
--- a/.github/workflows/nowsecure.yml
+++ b/.github/workflows/nowsecure.yml
@@ -47,6 +47,6 @@ jobs:
 group_id: {{ groupId }} # Update this to your desired Platform group ID
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3.24.8
 with:
 sarif_file: NowSecure.sarif
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
index 72a043cc7..bfbc5e6ad 100644
--- a/.github/workflows/ossar-analysis.yml
+++ b/.github/workflows/ossar-analysis.yml
@@ -55,6 +55,6 @@ jobs:
 # Upload results to the Security tab
 - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml
index 447e69be5..3c6d15446 100644
--- a/.github/workflows/ossar.yml
+++ b/.github/workflows/ossar.yml
@@ -56,6 +56,6 @@ jobs:
 # Upload results to the Security tab
 - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/phpmd.yml b/.github/workflows/phpmd.yml
index 49b5a3fa0..2527ad986 100644
--- a/.github/workflows/phpmd.yml
+++ b/.github/workflows/phpmd.yml
@@ -56,7 +56,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: phpmd-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/pmd.yml b/.github/workflows/pmd.yml
index 2f65e92e6..24e1b8161 100644
--- a/.github/workflows/pmd.yml
+++ b/.github/workflows/pmd.yml
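Review bot: The added line in nowsecure.yml, `uses: github/codeql-action/upload-sarif@v3.24.8`, references a git tag rather than a commit SHA, while every other workflow in this patch pins the same release by its full SHA. A tag can be moved by whoever controls the upstream repository, so this one file keeps a weaker supply-chain guarantee than the rest, and Scorecard's pinned-dependencies check (scorecard.yml is in this repository) will keep reporting it. Suggest `uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8`, the SHA the rest of the patch uses for v3.24.8. The removed line used the floating `@v2` tag, so the pin style is inherited; Dependabot only follows the existing style, which is why a human needs to change it once.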
@@ -43,6 +43,6 @@ jobs:
 sourcePath: 'src/main/java'
 analyzeModifiedFilesOnly: false
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: pmd-report.sarif
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
index 929d71736..1cbdfa826 100644
--- a/.github/workflows/powershell.yml
+++ b/.github/workflows/powershell.yml
@@ -49,6 +49,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/prisma.yml b/.github/workflows/prisma.yml
index 995b140a2..41cf06935 100644
--- a/.github/workflows/prisma.yml
+++ b/.github/workflows/prisma.yml
@@ -54,7 +54,7 @@ jobs:
 # The service need to know the type of IaC being scanned
 template_type: 'CFT'
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 # Results are generated only on a success or failure
 # this is required since GitHub by default won't run the next step
 # when the previous one has failed.
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index c5aea1eff..93cbb9132 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -38,6 +38,6 @@ jobs:
 uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
 - name: Upload Security Analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/puppet-lint.yml b/.github/workflows/puppet-lint.yml
index 9c04f05f5..9f4902b73 100644
--- a/.github/workflows/puppet-lint.yml
+++ b/.github/workflows/puppet-lint.yml
@@ -54,7 +54,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: puppet-lint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml
index 7e31f0f02..73e2af00a 100644
--- a/.github/workflows/rubocop.yml
+++ b/.github/workflows/rubocop.yml
@@ -58,6 +58,6 @@ jobs:
 "
 - name: Upload Sarif output
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: rubocop.sarif
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
index a96ac0569..93cb54f97 100644
--- a/.github/workflows/rust-clippy.yml
+++ b/.github/workflows/rust-clippy.yml
@@ -57,7 +57,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: rust-clippy-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e3511a3b7..af2e2fd16 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -72,6 +72,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/securitycodescan.yml b/.github/workflows/securitycodescan.yml
index 17db027fd..bd7fbbbc9 100644
--- a/.github/workflows/securitycodescan.yml
+++ b/.github/workflows/securitycodescan.yml
@@ -43,4 +43,4 @@ jobs:
 uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
 - name: Upload sarif
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index f3fbdbc2e..d3d04cddf 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -48,7 +48,7 @@ jobs:
 # Upload SARIF file generated in previous step
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: semgrep.sarif
 if: always()
diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
index cfda2e3bf..d59e6353e 100644
--- a/.github/workflows/snyk-container.yml
+++ b/.github/workflows/snyk-container.yml
@@ -55,6 +55,6 @@ jobs:
 image: your/image-to-test
 args: --file=Dockerfile
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: snyk.sarif
diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml
index 22249beae..bf540c20b 100644
--- a/.github/workflows/snyk-infrastructure.yml
+++ b/.github/workflows/snyk-infrastructure.yml
@@ -54,6 +54,6 @@ jobs:
 # or `main.tf` for a Terraform configuration file
 file: your-file-to-test.yaml
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: snyk.sarif
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
index b786fd075..402429bdd 100644
--- a/.github/workflows/snyk-security.yml
+++ b/.github/workflows/snyk-security.yml
@@ -79,6 +79,6 @@ jobs:
 # Push the Snyk Code results into GitHub Code Scanning tab
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: snyk-code.sarif
diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml
index 7f72f2690..fff7bbccd 100644
--- a/.github/workflows/sobelow.yml
+++ b/.github/workflows/sobelow.yml
@@ -41,6 +41,6 @@ jobs:
 - id: run-action
 uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
 - name: Upload report
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/soos-dast-scan.yml b/.github/workflows/soos-dast-scan.yml
index 366fb24ee..917276c73 100644
--- a/.github/workflows/soos-dast-scan.yml
+++ b/.github/workflows/soos-dast-scan.yml
@@ -51,6 +51,6 @@ jobs:
 target_url: "https://www.example.com/"
 output_format: "sarif"
 - name: Upload SOOS DAST SARIF Report
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/synopsys-io.yml b/.github/workflows/synopsys-io.yml
index 902eedf1b..5b6a76268 100644
--- a/.github/workflows/synopsys-io.yml
+++ b/.github/workflows/synopsys-io.yml
@@ -79,7 +79,7 @@ jobs:
 - name: Upload SARIF file
 if: ${{steps.prescription.outputs.sastScan == 'true' }}
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: workflowengine-results.sarif.json
diff --git a/.github/workflows/sysdig-scan.yml b/.github/workflows/sysdig-scan.yml
index 25e29ea7e..8db2c9aa7 100644
--- a/.github/workflows/sysdig-scan.yml
+++ b/.github/workflows/sysdig-scan.yml
@@ -60,7 +60,7 @@ jobs:
 # Sysdig inline scanner requires privileged rights
 run-as-user: root
- - uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 #Upload SARIF file
 if: always()
 with:
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index 0e4916be5..228ff7d2c 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@@ -40,7 +40,7 @@ jobs:
 sarif_file: tfsec.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: tfsec.sarif
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 02d809972..80136df7a 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -48,6 +48,6 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/veracode-analysis.yml b/.github/workflows/veracode-analysis.yml
index 8258d2f79..3a07a6df5 100644
--- a/.github/workflows/veracode-analysis.yml
+++ b/.github/workflows/veracode-analysis.yml
@@ -57,7 +57,7 @@ jobs:
 uses: veracode/veracode-pipeline-scan-results-to-sarif@7a4200f5e4b9ff2260a6d8a677585198b906567e
 with:
 pipeline-results-json: results.json
- - uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: veracode-results.sarif
\ No newline at end of file
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml
index 9266861e3..7923a71db 100644
--- a/.github/workflows/veracode.yml
+++ b/.github/workflows/veracode.yml
@@ -58,7 +58,7 @@ jobs:
 uses: veracode/veracode-pipeline-scan-results-to-sarif@7a4200f5e4b9ff2260a6d8a677585198b906567e
 with:
 pipeline-results-json: results.json
- - uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: veracode-results.sarif
diff --git a/.github/workflows/xanitizer.yml b/.github/workflows/xanitizer.yml
index fbad5d1fc..71a5d3ee1 100644
--- a/.github/workflows/xanitizer.yml
+++ b/.github/workflows/xanitizer.yml
@@ -100,6 +100,6 @@ jobs:
 *-Findings-List.sarif
 # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: Xanitizer-Findings-List.sarif
diff --git a/.github/workflows/zscaler-iac-scan.yml b/.github/workflows/zscaler-iac-scan.yml
index 81f672681..accc87be4 100644
--- a/.github/workflows/zscaler-iac-scan.yml
+++ b/.github/workflows/zscaler-iac-scan.yml
@@ -56,6 +56,6 @@ jobs:
 #Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository.
 - name: Upload SARIF file
 if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }}
diff --git a/.github/workflows/zscan.yml b/.github/workflows/zscan.yml
index b41395e57..d8f92cd28 100644
--- a/.github/workflows/zscan.yml
+++ b/.github/workflows/zscan.yml
@@ -60,6 +60,6 @@ jobs:
 app_file: app-release-unsigned.apk
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+ uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
 with:
 sarif_file: Zimperium.sarif