diff --git a/.github/workflows/CIS-Anchore-Grype.yml b/.github/workflows/CIS-Anchore-Grype.yml index a041261..33390bb 100644 --- a/.github/workflows/CIS-Anchore-Grype.yml +++ b/.github/workflows/CIS-Anchore-Grype.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Build an image from Dockerfile uses: docker/build-push-action@v6 diff --git a/.github/workflows/CIS-Trivy-AquaSecurity.yml b/.github/workflows/CIS-Trivy-AquaSecurity.yml index a257ace..8af499b 100644 --- a/.github/workflows/CIS-Trivy-AquaSecurity.yml +++ b/.github/workflows/CIS-Trivy-AquaSecurity.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Build an image from Dockerfile run: | diff --git a/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml b/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml index 63b50e5..fbf7156 100644 --- a/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml +++ b/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # build and start your application here # conditionally run the build step # assuming the application is a Docker container diff --git a/.github/workflows/IACS-AquaSecurity-tfsec.yml b/.github/workflows/IACS-AquaSecurity-tfsec.yml index 12d81d5..57102b8 100644 --- a/.github/workflows/IACS-AquaSecurity-tfsec.yml +++ b/.github/workflows/IACS-AquaSecurity-tfsec.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run tfsec uses: aquasecurity/tfsec-sarif-action@v0.1.4 diff --git a/.github/workflows/IACS-Checkmarx-kics.yml b/.github/workflows/IACS-Checkmarx-kics.yml index dab9703..86b34db 100644 --- a/.github/workflows/IACS-Checkmarx-kics.yml +++ b/.github/workflows/IACS-Checkmarx-kics.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Mkdir results-dir # make sure results dir is created diff --git a/.github/workflows/IACS-Microsoft-Security-DevOps.yml b/.github/workflows/IACS-Microsoft-Security-DevOps.yml index 6c2af9a..2d97bb5 100644 --- a/.github/workflows/IACS-Microsoft-Security-DevOps.yml +++ b/.github/workflows/IACS-Microsoft-Security-DevOps.yml @@ -40,7 +40,7 @@ jobs: # Windows and Linux agents are supported runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run Microsoft Security DevOps uses: microsoft/security-devops-action@v1.12.0 diff --git a/.github/workflows/MSDO-Microsoft-Security-DevOps.yml b/.github/workflows/MSDO-Microsoft-Security-DevOps.yml index facdd02..ae11b9f 100644 --- a/.github/workflows/MSDO-Microsoft-Security-DevOps.yml +++ b/.github/workflows/MSDO-Microsoft-Security-DevOps.yml @@ -28,7 +28,7 @@ jobs: # Windows and Linux agents are supported runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run Microsoft Security DevOps uses: microsoft/security-devops-action@v1.12.0 diff --git a/.github/workflows/SAST-GitHubAdvancedSecurity-CodeQL.yml b/.github/workflows/SAST-GitHubAdvancedSecurity-CodeQL.yml index de81b1e..7b5584a 100644 --- a/.github/workflows/SAST-GitHubAdvancedSecurity-CodeQL.yml +++ b/.github/workflows/SAST-GitHubAdvancedSecurity-CodeQL.yml @@ -48,7 +48,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` diff --git a/.github/workflows/SAST-Kubesec.yml b/.github/workflows/SAST-Kubesec.yml index cf4cd54..74ed82c 100644 --- a/.github/workflows/SAST-Kubesec.yml +++ b/.github/workflows/SAST-Kubesec.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run kubesec scanner (critical-double.yaml) uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run kubesec scanner (score-5-pod-serviceaccount.yaml) uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 diff --git a/.github/workflows/SCA-Anchore-Syft-SBOM.yml b/.github/workflows/SCA-Anchore-Syft-SBOM.yml index 7f0c46d..e56d50a 100644 --- a/.github/workflows/SCA-Anchore-Syft-SBOM.yml +++ b/.github/workflows/SCA-Anchore-Syft-SBOM.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Build the Docker image run: docker build ./src/webapp01 --file ./src/webapp01/Dockerfile --tag ${{ env.imageName }}:${{ env.tag }} diff --git a/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml b/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml index 5fa2e06..b42bea6 100644 --- a/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml +++ b/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout repository' - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. diff --git a/.github/workflows/SCA-Microsoft-SBOM.yml b/.github/workflows/SCA-Microsoft-SBOM.yml index b8e7d15..492f80c 100644 --- a/.github/workflows/SCA-Microsoft-SBOM.yml +++ b/.github/workflows/SCA-Microsoft-SBOM.yml @@ -19,7 +19,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup .NET Core uses: actions/setup-dotnet@v4 with: diff --git a/.github/workflows/SCA-OpenSSF-Scorecard.yml b/.github/workflows/SCA-OpenSSF-Scorecard.yml index 79b0d20..a2ac93c 100644 --- a/.github/workflows/SCA-OpenSSF-Scorecard.yml +++ b/.github/workflows/SCA-OpenSSF-Scorecard.yml @@ -34,7 +34,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 31a7c32..ecaf0d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: steps: # Checkout the repo - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # Setup .NET Core SDK - name: Setup .NET Core diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 3a464a4..3797f3a 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: # Checkout the repo - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # Setup .NET Core SDK - name: Setup .NET Core