From 35e3a68fb3017fae67b738142b7f64086ccf16ea Mon Sep 17 00:00:00 2001 From: Lucas Falslev Date: Mon, 13 Apr 2026 10:34:05 -0600 Subject: [PATCH 1/7] update action versions --- .github/workflows/build.yml | 26 +++++++++++++------------- .github/workflows/publish.yml | 20 ++++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0bc807f0..b3ea28a5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,10 +13,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -33,10 +33,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - name: Login to GHCR - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + uses: docker/login-action@v4 if: ${{ ! startsWith(github.event_name, 'pull_request') }} with: registry: ghcr.io @@ -44,7 +44,7 @@ jobs: password: ${{ secrets.PACKAGE_SCOPE }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v6 if: ${{ ! startsWith(github.event_name, 'pull_request') }} with: aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }} @@ -58,7 +58,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v6 with: images: | ghcr.io/bloodhoundad/azurehound 
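Review bot: The `Configure AWS credentials` step in build.yml (hunk at line 44) moves to `configure-aws-credentials@v6` but still authenticates with a stored key pair, `aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}`; the publish.yml hunk at line 80 does the same with `secrets.BHE_AWS_ACCESS_KEY_ID`. Long-lived IAM user keys held as repository secrets remain valid if they leak from a runner, whereas the action's OIDC mode issues short-lived credentials per run. Consider replacing the key inputs with `role-to-assume: <ROLE_ARN_PLACEHOLDER>` and granting the job `permissions: id-token: write`. The step's `with:` block continues past the end of the build.yml hunk, so its remaining inputs are not visible here.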
@@ -68,13 +68,13 @@ jobs: type=sha,prefix=edge-,format=short - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Set up buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Build Container Image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: . build-args: VERSION=v0.0.0-rolling+${{ github.sha }} @@ -93,7 +93,7 @@ jobs: path: /tmp/oci-image.tar - name: Push Image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: . build-args: VERSION=v0.0.0-rolling+${{ github.sha }} @@ -118,10 +118,10 @@ jobs: - amd64 - arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -150,7 +150,7 @@ jobs: - name: Update Rolling Release if: "! startsWith(github.event_name, 'pull_request')" - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: name: Rolling Release (unstable) tag_name: rolling diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3e50a46b..ea6af94b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -23,10 +23,10 @@ jobs: FILE_NAME: AzureHound_${{ github.ref_name }}_${{ matrix.os }}_${{ matrix.arch }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -59,7 +59,7 @@ jobs: run: sha256sum ${{ env.FILE_NAME }}.zip > ${{ env.FILE_NAME }}.zip.sha256 - name: Upload Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: files: | ${{ env.FILE_NAME }}.zip 
@@ -80,13 +80,13 @@ jobs: FILE_NAME: AzureHoundEnterprise_${{ github.ref_name }}_${{ matrix.os }}_${{ matrix.arch }} steps: - - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@v6 with: aws-access-key-id: ${{ secrets.BHE_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.BHE_AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: pattern: azurehound-bin-${{ matrix.os }}-${{ matrix.arch }} path: unsigned/ @@ -98,7 +98,7 @@ jobs: - name: Install DigiCert Client Tools id: digicert - uses: digicert/ssm-code-signing@v1.0.0 + uses: digicert/ssm-code-signing@v1.2.1 - name: Set PKCS#11 Paths id: pkcs11 @@ -163,14 +163,14 @@ jobs: - uses: actions/checkout@v4 - name: Log in to GHCR - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} password: ${{ secrets.PACKAGE_SCOPE }} - name: Log in to ACR - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + uses: docker/login-action@v4 with: registry: ${{ secrets.ACR_AZUREHOUND_REGISTRY_URL }} username: ${{ secrets.ACR_CLIENT_ID }} @@ -178,7 +178,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v6 with: images: | ghcr.io/bloodhoundad/azurehound @@ -188,7 +188,7 @@ jobs: type=semver,pattern={{major}}.{{minor}},prefix=v - name: Build Container Image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: . build-args: VERSION=${{ github.ref_name }} From ed6530865b0d736bcca9cd6bd5eb506ee819e612 Mon Sep 17 00:00:00 2001 
From: Lucas Falslev Date: Mon, 13 Apr 2026 11:15:30 -0600 Subject: [PATCH 2/7] pin actions to commit shas --- .github/workflows/build.yml | 32 +++++++------- .github/workflows/cla.yml | 2 +- .github/workflows/jira-issue-transfer.yml | 54 +++++++++++------------ .github/workflows/publish.yml | 24 +++++----- 4 files changed, 56 insertions(+), 56 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b3ea28a5..62da8c53 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,10 +13,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6 - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # ratchet:actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -33,10 +33,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6 - name: Login to GHCR - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # ratchet:docker/login-action@v4 if: ${{ ! startsWith(github.event_name, 'pull_request') }} with: registry: ghcr.io @@ -44,7 +44,7 @@ jobs: password: ${{ secrets.PACKAGE_SCOPE }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # ratchet:aws-actions/configure-aws-credentials@v6 if: ${{ ! startsWith(github.event_name, 'pull_request') }} with: aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }} 
@@ -53,12 +53,12 @@ jobs: - name: Login to Amazon ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 + uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # ratchet:aws-actions/amazon-ecr-login@v2 if: ${{ ! startsWith(github.event_name, 'pull_request') }} - name: Extract metadata id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # ratchet:docker/metadata-action@v6 with: images: | ghcr.io/bloodhoundad/azurehound @@ -66,15 +66,15 @@ jobs: tags: | type=edge,branch=main type=sha,prefix=edge-,format=short - + - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # ratchet:docker/setup-qemu-action@v4 - name: Set up buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # ratchet:docker/setup-buildx-action@v4 - name: Build Container Image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # ratchet:docker/build-push-action@v7 with: context: . build-args: VERSION=v0.0.0-rolling+${{ github.sha }} @@ -87,13 +87,13 @@ jobs: outputs: type=oci,dest=/tmp/oci-image.tar - name: Upload OCI tarball - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 with: name: oci-image-tar path: /tmp/oci-image.tar - name: Push Image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # ratchet:docker/build-push-action@v7 with: context: . build-args: VERSION=v0.0.0-rolling+${{ github.sha }} 
@@ -118,10 +118,10 @@ jobs: - amd64 - arm64 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6 - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # ratchet:actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -150,7 +150,7 @@ jobs: - name: Update Rolling Release if: "! startsWith(github.event_name, 'pull_request')" - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # ratchet:softprops/action-gh-release@v2 with: name: Rolling Release (unstable) tag_name: rolling diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 2c492161..583272a1 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -41,7 +41,7 @@ jobs: - name: "CLA Assistant" if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.6.1 + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # ratchet:contributor-assistant/github-action@v2.6.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PERSONAL_ACCESS_TOKEN: ${{ secrets.REPO_SCOPE }} diff --git a/.github/workflows/jira-issue-transfer.yml b/.github/workflows/jira-issue-transfer.yml index 6e8cce11..ef5e1b4e 100644 --- a/.github/workflows/jira-issue-transfer.yml +++ b/.github/workflows/jira-issue-transfer.yml 
@@ -24,31 +24,31 @@ jobs: runs-on: self-hosted if: github.event.label.name == 'ticketed' steps: - - name: Login - uses: atlassian/gajira-login@v3 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Jira Create Bug - id: bug - if: contains(github.event.issue.labels.*.name, 'bug') - uses: atlassian/gajira-create@v3 - with: - project: BP - issuetype: 'Bug Report' - summary: ${{ github.event.issue.title }} - description: "Github Issue Link: ${{ github.event.issue.html_url}} \r\n ${{ github.event.issue.body }}" - fields: '{"labels":["GitHubReport"]}' + - name: Login + uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # ratchet:atlassian/gajira-login@v3 + env: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Jira Create Bug + id: bug + if: contains(github.event.issue.labels.*.name, 'bug') + uses: atlassian/gajira-create@1ff0b6bd115a780592b47bfbb63fc4629132e6ec # ratchet:atlassian/gajira-create@v3 + with: + project: BP + issuetype: 'Bug Report' + summary: ${{ github.event.issue.title }} + description: "Github Issue Link: ${{ github.event.issue.html_url}} \r\n ${{ github.event.issue.body }}" + fields: '{"labels":["GitHubReport"]}' - - name: Jira Create Enhancement - id: enhancement - if: contains(github.event.issue.labels.*.name, 'enhancement') - uses: atlassian/gajira-create@v3 - with: - project: BP - issuetype: 'Product Feature' - summary: ${{ github.event.issue.title }} - description: "Github Issue Link: ${{ github.event.issue.html_url}} \r\n ${{ github.event.issue.body }}" - fields: '{"labels":["GitHubReport"]}' + - name: Jira Create Enhancement + id: enhancement + if: contains(github.event.issue.labels.*.name, 'enhancement') + uses: 
atlassian/gajira-create@1ff0b6bd115a780592b47bfbb63fc4629132e6ec # ratchet:atlassian/gajira-create@v3 + with: + project: BP + issuetype: 'Product Feature' + summary: ${{ github.event.issue.title }} + description: "Github Issue Link: ${{ github.event.issue.html_url}} \r\n ${{ github.event.issue.body }}" + fields: '{"labels":["GitHubReport"]}' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ea6af94b..da463898 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -23,10 +23,10 @@ jobs: FILE_NAME: AzureHound_${{ github.ref_name }}_${{ matrix.os }}_${{ matrix.arch }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6 - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # ratchet:actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -47,7 +47,7 @@ jobs: - name: Upload as Artifact if: matrix.os == 'windows' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 with: name: azurehound-bin-${{ matrix.os }}-${{ matrix.arch }} path: azurehound* @@ -59,7 +59,7 @@ jobs: run: sha256sum ${{ env.FILE_NAME }}.zip > ${{ env.FILE_NAME }}.zip.sha256 - name: Upload Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # ratchet:softprops/action-gh-release@v2 with: files: | ${{ env.FILE_NAME }}.zip 
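Review bot: In jira-issue-transfer.yml every line of the `steps:` list is removed and re-added, apparently only to change indentation, so the lines that matter for supply-chain review (the `uses:` refs for `gajira-login` and `gajira-create`) are buried in whitespace churn. A separate formatting commit would keep the pin diff auditable. The job is `runs-on: self-hosted`, and the Login step still passes `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to a third-party action. If gajira-login only needs the three `JIRA_*` values, which is how the env block reads, drop that line so the token is not exposed on the self-hosted runner. The job definition starts above the hunk, so its triggers and `permissions:` are not visible here.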
@@ -80,13 +80,13 @@ jobs: FILE_NAME: AzureHoundEnterprise_${{ github.ref_name }}_${{ matrix.os }}_${{ matrix.arch }} steps: - - uses: aws-actions/configure-aws-credentials@v6 + - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # ratchet:aws-actions/configure-aws-credentials@v6 with: aws-access-key-id: ${{ secrets.BHE_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.BHE_AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 - - uses: actions/download-artifact@v8 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # ratchet:actions/download-artifact@v8 with: pattern: azurehound-bin-${{ matrix.os }}-${{ matrix.arch }} path: unsigned/ @@ -98,7 +98,7 @@ jobs: - name: Install DigiCert Client Tools id: digicert - uses: digicert/ssm-code-signing@v1.2.1 + uses: digicert/ssm-code-signing@1d820463733701cf1484c7eb5d7d24a15ca2c454 # ratchet:digicert/ssm-code-signing@v1.2.1 - name: Set PKCS#11 Paths id: pkcs11 @@ -160,17 +160,17 @@ jobs: permissions: packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # ratchet:actions/checkout@v4 - name: Log in to GHCR - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # ratchet:docker/login-action@v4 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} password: ${{ secrets.PACKAGE_SCOPE }} - name: Log in to ACR - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # ratchet:docker/login-action@v4 with: registry: ${{ secrets.ACR_AZUREHOUND_REGISTRY_URL }} username: ${{ secrets.ACR_CLIENT_ID }} @@ -178,7 +178,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # ratchet:docker/metadata-action@v6 with: images: | ghcr.io/bloodhoundad/azurehound 
@@ -188,7 +188,7 @@ jobs: type=semver,pattern={{major}}.{{minor}},prefix=v - name: Build Container Image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # ratchet:docker/build-push-action@v7 with: context: . build-args: VERSION=${{ github.ref_name }} From e1cf50a6e627cdfe0d2e148edc240cbee63dc04b Mon Sep 17 00:00:00 2001 From: Lucas Falslev Date: Mon, 13 Apr 2026 11:55:01 -0600 Subject: [PATCH 3/7] upgrade vulnerable golang.org/x/image package to v0.39.0 --- README.md | 2 +- go.mod | 8 +++----- go.sum | 8 ++++---- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 1c7f4931..5d916d33 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ The rolling release contains pre-built binaries that are automatically kept up-t ##### Prerequisites -- [Go 1.18](https://go.dev/dl/) or later +- [Go 1.25](https://go.dev/dl/) or later To build this project from source run the following: diff --git a/go.mod b/go.mod index b17322bb..c7b33878 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/bloodhoundad/azurehound/v2 -go 1.24.0 - -toolchain go1.24.2 +go 1.25.0 require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 @@ -51,8 +49,8 @@ require ( github.com/urfave/cli/v2 v2.3.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.48.0 // indirect - golang.org/x/image v0.18.0 // indirect - golang.org/x/text v0.34.0 // indirect + golang.org/x/image v0.39.0 // indirect + golang.org/x/text v0.36.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 60a36055..3471745a 100644 --- a/go.sum +++ b/go.sum 
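Review bot: The first go.mod hunk raises the directive to `go 1.25.0` and deletes `toolchain go1.24.2`, which is a wider change than the x/image upgrade named in the subject. Builders now need Go 1.25, and at this commit the Dockerfile still uses `golang:1.24` (bumped only in PATCH 4/7), so the image build may fail here if the base image does not auto-download toolchains. The second hunk also moves `golang.org/x/text` to v0.36.0 without mention. Consider naming the advisory that the x/image bump addresses in the commit message, stating that the Go minimum rises as a consequence, and folding the Dockerfile bump into this commit so each commit in the series builds.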
@@ -117,8 +117,8 @@ golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.0.0-20210220032944-ac19c3e999fb/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ= -golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E= +golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww= +golang.org/x/image v0.39.0/go.mod h1:sIbmppfU+xFLPIG0FoVUTvyBMmgng1/XAMhQ2ft0hpA= golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -131,8 +131,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 
From dc9cd326d0f434375a8009aeead87d46f4569384 Mon Sep 17 00:00:00 2001 From: Lucas Falslev Date: Mon, 13 Apr 2026 12:09:58 -0600 Subject: [PATCH 4/7] bump goland version in dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 96fbf5f9..4f47e986 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM golang:1.24 as build +FROM golang:1.25 as build WORKDIR /app ARG VERSION=v0.0.0 From c38d37e1462663f1bca3fc852b0a6981c3ea3b42 Mon Sep 17 00:00:00 2001 From: Lucas Falslev Date: Tue, 14 Apr 2026 09:52:26 -0600 Subject: [PATCH 5/7] dockerfile syntax --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4f47e986..ae97aae6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM golang:1.25 as build +FROM golang:1.25 AS build WORKDIR /app ARG VERSION=v0.0.0 @@ -11,6 +11,6 @@ RUN go mod download RUN go build -ldflags="-s -w -X github.com/bloodhoundad/azurehound/v2/constants.Version=$VERSION+docker" FROM gcr.io/distroless/base-debian12:nonroot -LABEL org.opencontainers.image.source https://github.com/BloodHoundAD/AzureHound +LABEL org.opencontainers.image.source=https://github.com/BloodHoundAD/AzureHound COPY --from=build /app/azurehound / ENTRYPOINT ["/azurehound"] From f244b68083444d56e4c6955bb7cc7d6070676a33 Mon Sep 17 00:00:00 2001 From: Lucas Falslev Date: Tue, 14 Apr 2026 10:03:28 -0600 Subject: [PATCH 6/7] update checkout and upload-artifact actions --- .github/workflows/build.yml | 2 +- .github/workflows/publish.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 62da8c53..3f6252ad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
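Review bot: Both `FROM` lines in the Dockerfile hunks of PATCH 5/7 still reference mutable tags (`golang:1.25` and `gcr.io/distroless/base-debian12:nonroot`), while PATCH 2/7 pins every GitHub Action to a commit SHA. The base images are part of the same build supply chain and can be repointed upstream just as an action tag can. Consider pinning by digest, e.g. `FROM golang:1.25@sha256:<DIGEST_PLACEHOLDER> AS build`, and likewise for the distroless stage. Keep the tag for readability and refresh the digests with an update bot or scheduled job.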
@@ -87,7 +87,7 @@ jobs: outputs: type=oci,dest=/tmp/oci-image.tar - name: Upload OCI tarball - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7 with: name: oci-image-tar path: /tmp/oci-image.tar diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index da463898..e50c2a38 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -47,7 +47,7 @@ jobs: - name: Upload as Artifact if: matrix.os == 'windows' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7 with: name: azurehound-bin-${{ matrix.os }}-${{ matrix.arch }} path: azurehound* @@ -160,7 +160,7 @@ jobs: permissions: packages: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # ratchet:actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6 - name: Log in to GHCR uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # ratchet:docker/login-action@v4 From ad7993ce0e88377f82d28c66758bd0929064c23c Mon Sep 17 00:00:00 2001 From: Lucas Falslev Date: Tue, 14 Apr 2026 10:46:07 -0600 Subject: [PATCH 7/7] update gajira and softprops actions --- .github/workflows/build.yml | 2 +- .github/workflows/jira-issue-transfer.yml | 6 +++--- .github/workflows/publish.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3f6252ad..568cfd69 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -150,7 +150,7 @@ jobs: - name: Update Rolling Release if: "! startsWith(github.event_name, 'pull_request')" - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # ratchet:softprops/action-gh-release@v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # ratchet:softprops/action-gh-release@v3 with: name: Rolling Release (unstable) tag_name: rolling diff --git a/.github/workflows/jira-issue-transfer.yml b/.github/workflows/jira-issue-transfer.yml index ef5e1b4e..b249d80d 100644 --- a/.github/workflows/jira-issue-transfer.yml +++ b/.github/workflows/jira-issue-transfer.yml @@ -25,7 +25,7 @@ jobs: if: github.event.label.name == 'ticketed' steps: - name: Login - uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # ratchet:atlassian/gajira-login@v3 + uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # ratchet:atlassian/gajira-login@v3 env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} @@ -34,7 +34,7 @@ jobs: - name: Jira Create Bug id: bug if: contains(github.event.issue.labels.*.name, 'bug') - uses: atlassian/gajira-create@1ff0b6bd115a780592b47bfbb63fc4629132e6ec # ratchet:atlassian/gajira-create@v3 + uses: atlassian/gajira-create@59e177c4f6451399df5b4911c2211104f171e669 # ratchet:atlassian/gajira-create@v3 with: project: BP issuetype: 'Bug Report' @@ -45,7 +45,7 @@ jobs: - name: Jira Create Enhancement id: enhancement if: contains(github.event.issue.labels.*.name, 'enhancement') - uses: atlassian/gajira-create@1ff0b6bd115a780592b47bfbb63fc4629132e6ec # ratchet:atlassian/gajira-create@v3 + uses: atlassian/gajira-create@59e177c4f6451399df5b4911c2211104f171e669 # ratchet:atlassian/gajira-create@v3 with: project: BP issuetype: 'Product Feature' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e50c2a38..20bba84b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
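Review bot: The three replaced pins in jira-issue-transfer.yml carry the same trailing comments (`# ratchet:atlassian/gajira-login@v3`, `# ratchet:atlassian/gajira-create@v3`) as the SHAs they replace from PATCH 2/7, so the diff gives no way to tell why the commit behind the same tag changed. Either the upstream tag moved or one of the two SHAs is not what `v3` resolves to. Before merging, confirm that each new SHA is a commit in the upstream atlassian repository (not one reachable only from a fork) and corresponds to the intended release, and record that in the commit message. This workflow runs on a self-hosted runner with Jira credentials, per the PATCH 2/7 hunk, so a wrong pin here is costly.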
@@ -59,7 +59,7 @@ jobs: run: sha256sum ${{ env.FILE_NAME }}.zip > ${{ env.FILE_NAME }}.zip.sha256 - name: Upload Release - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # ratchet:softprops/action-gh-release@v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # ratchet:softprops/action-gh-release@v3 with: files: | ${{ env.FILE_NAME }}.zip