diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5ac2804..289e7c3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,12 +20,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1 - name: Login to ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -44,7 +44,7 @@ jobs: - name: Push images run: ./build --push - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1 with: image-ref: '${{ steps.build.outputs.LATEST_IMAGE_TAG }}' format: 'sarif' @@ -55,6 +55,6 @@ jobs: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/docker-tag.yml b/.github/workflows/docker-tag.yml index 533f331..ff0ff07 100644 --- a/.github/workflows/docker-tag.yml +++ b/.github/workflows/docker-tag.yml @@ -14,9 +14,9 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0 - name: Login to ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/keep-alive.yml b/.github/workflows/keep-alive.yml index d9d65fd..2656aed 100644 --- a/.github/workflows/keep-alive.yml +++ b/.github/workflows/keep-alive.yml @@ -17,7 +17,7 @@ jobs: contents: write # Required to push changes to the repository steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Git run: | diff --git a/.github/workflows/vuln-check.yml b/.github/workflows/vuln-check.yml index a9c4dd3..56c825d 100644 --- a/.github/workflows/vuln-check.yml +++ b/.github/workflows/vuln-check.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Free Disk Space (Ubuntu) # Reclaim disk space for scan uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 @@ -30,7 +30,7 @@ jobs: docker-images: false # Do not remove locally built images (including trivy scanner) - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1 with: image-ref: 'ghcr.io/datadog/dd-trace-java-docker-build:latest' format: 'sarif' @@ -42,7 +42,7 @@ jobs: TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 if: always() with: sarif_file: 'trivy-results.sarif'