diff --git a/.github/actions/grype/action.yaml b/.github/actions/grype/action.yaml index baa530259..058f4e5ad 100644 --- a/.github/actions/grype/action.yaml +++ b/.github/actions/grype/action.yaml @@ -44,6 +44,6 @@ runs: output-format: sarif - name: Upload if: inputs.output == 'sarif' - uses: github/codeql-action/upload-sarif@e00cd12e3ee0ce24d476645336a315351be51d88 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/actions/trivy-config/action.yaml b/.github/actions/trivy-config/action.yaml index 910d9e1ee..9f7bee700 100644 --- a/.github/actions/trivy-config/action.yaml +++ b/.github/actions/trivy-config/action.yaml @@ -27,6 +27,6 @@ runs: format: 'sarif' output: 'reports/trivy-docker-results.sarif' - name: Upload - uses: github/codeql-action/upload-sarif@e00cd12e3ee0ce24d476645336a315351be51d88 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: 'reports' diff --git a/.github/actions/trivy-image/action.yaml b/.github/actions/trivy-image/action.yaml index 5db2bfe85..6adc91e8a 100644 --- a/.github/actions/trivy-image/action.yaml +++ b/.github/actions/trivy-image/action.yaml @@ -49,6 +49,6 @@ runs: format: 'table' - name: Upload if: inputs.output == 'sarif' - uses: github/codeql-action/upload-sarif@e00cd12e3ee0ce24d476645336a315351be51d88 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: 'reports' diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml index 1ca980958..9e203a905 100644 --- a/.github/workflows/.reusable-sast.yml +++ b/.github/workflows/.reusable-sast.yml @@ -15,11 +15,11 @@ jobs: - name: Checkout repository uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Initialize CodeQL - uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: languages: 'python' - name: Analyze - uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 black: runs-on: ubuntu-latest @@ -61,7 +61,7 @@ jobs: - name: Run Bandit run: bandit -r -f sarif -o bandit-results.sarif connaisseur/ --exit-zero - name: Upload - uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: 'bandit-results.sarif' @@ -80,7 +80,7 @@ jobs: format: sarif output-file: hadolint-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: 'hadolint-results.sarif' @@ -99,7 +99,7 @@ jobs: format: sarif output-file: kubelinter-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: 'kubelinter-results.sarif' @@ -134,7 +134,7 @@ jobs: output_format: cli,sarif output_file_path: console,checkov-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: checkov-results.sarif @@ -151,6 +151,6 @@ jobs: - name: Scan run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0 - name: Upload - uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.12.3 + uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5 with: sarif_file: semgrep-results.sarif