Merge branch 'main' into jm-ci-rubyonrails

Jamie McCarthy
2024-04-26 06:13:12 -05:00
committed by GitHub
159 changed files with 483 additions and 223 deletions
+1 -1
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
+1 -1
@@ -10,7 +10,7 @@ jobs:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- run: |
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
git config user.email "cschleiden@github.com"
+1 -1
@@ -10,7 +10,7 @@ jobs:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
+4 -4
@@ -1,5 +1,5 @@
* @actions/actions-workflow-development-reviewers
* @actions/actions-workflow-development-reviewers @actions/starter-workflows
/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph
/code-scanning/dependency-review.yml @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph
/pages/ @actions/pages @actions/actions-workflow-development-reviewers
/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph @actions/starter-workflows
/code-scanning/dependency-review.yml @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph @actions/starter-workflows
/pages/ @actions/pages @actions/actions-workflow-development-reviewers @actions/starter-workflows
+1 -1
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set up GNAT toolchain
run: >
+1 -1
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: set up JDK 11
uses: actions/setup-java@v3
with:
+1 -1
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
+1 -1
@@ -23,7 +23,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Runs a single command using the runners shell
- name: Run a one-line script
+1 -1
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: configure
run: ./configure
- name: make
+1 -1
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install dependencies
run: lein deps
- name: Run tests
+1 -1
@@ -45,7 +45,7 @@ jobs:
c_compiler: cl
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set reusable strings
# Turn repeated input strings (such as the build output directory) into step outputs. These step outputs can be used throughout the workflow file.
+1 -1
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Configure CMake
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
+1 -1
@@ -15,7 +15,7 @@ jobs:
image: crystallang/crystal
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install dependencies
run: shards install
- name: Run tests
+1 -1
@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: dlang-community/setup-dlang@4c99aa991ce7d19dd3064de0a4f2f6b2f152e2d7
- name: 'Build & Test'
+1 -1
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Note: This workflow uses the latest stable version of the Dart SDK.
# You can specify other versions if desired, see documentation here:
+1 -1
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Setup repo
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Setup Deno
# uses: denoland/setup-deno@v1
+1 -1
@@ -16,7 +16,7 @@ jobs:
python-version: [3.7, 3.8, 3.9]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
+1 -1
@@ -13,6 +13,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
+1 -1
@@ -35,7 +35,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
+4 -4
@@ -63,19 +63,19 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
# Install the .NET Core workload
- name: Install .NET Core
uses: actions/setup-dotnet@v3
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x
dotnet-version: 8.0.x
# Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild
- name: Setup MSBuild.exe
uses: microsoft/setup-msbuild@v1.0.2
uses: microsoft/setup-msbuild@v2
# Execute all unit tests in the solution
- name: Execute unit tests
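Review bot: The MSBuild step, which appears to move from `microsoft/setup-msbuild@v1.0.2` to `microsoft/setup-msbuild@v2`, swaps an exact release tag for a floating major tag, so the template will run whatever the publisher later points `v2` at. Other third-party actions in this same commit are pinned by full commit SHA with the version as a trailing comment (for example the `erlef/setup-beam@… # v1.16.0` line), and this step should follow that pattern: `uses: microsoft/setup-msbuild@<full-commit-sha> # v2`. Another template shown on this page still carries `microsoft/setup-msbuild@v1.0.2` as unchanged context, so the two templates would also drift apart. The `+`/`-` markers are lost on this page, so which of the paired lines is the new one is inferred from print order.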
+3 -3
@@ -15,11 +15,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v3
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x
dotnet-version: 8.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
+1 -1
@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Elixir
uses: erlef/setup-beam@61e01a43a562a89bfc54c7f9a378ff67b03e4a21 # v1.16.0
with:
+1 -1
@@ -19,7 +19,7 @@ jobs:
image: erlang:22.0.7
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Compile
run: rebar3 compile
- name: Run tests
+1 -1
@@ -15,7 +15,7 @@ jobs:
packages: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Ruby 2.6
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
+1 -1
@@ -23,7 +23,7 @@ jobs:
digests: ${{ steps.hash.outputs.digests }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# ========================================================
#
+1 -1
@@ -14,7 +14,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
+1 -1
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-haskell@v1
with:
ghc-version: '8.10.3'
+1 -1
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set Default Scheme
run: |
scheme_list=$(xcodebuild -list -json | tr -d "\n")
+1 -1
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Build the site in the jekyll/builder container
run: |
docker run \
+3 -3
@@ -15,7 +15,7 @@ jobs:
- uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
with:
php-version: '8.0'
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Copy .env
run: php -r "file_exists('.env') || copy('.env.example', '.env');"
- name: Install Dependencies
@@ -28,8 +28,8 @@ jobs:
run: |
mkdir -p database
touch database/database.sqlite
- name: Execute tests (Unit and Feature tests) via PHPUnit
- name: Execute tests (Unit and Feature tests) via PHPUnit/Pest
env:
DB_CONNECTION: sqlite
DB_DATABASE: database/database.sqlite
run: vendor/bin/phpunit
run: php artisan test
+1 -1
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: configure
run: ./configure
+1 -1
@@ -16,7 +16,7 @@ jobs:
packages: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
+1 -1
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
+1 -1
@@ -28,7 +28,7 @@ jobs:
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
+1 -1
@@ -20,7 +20,7 @@ jobs:
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
+1 -1
@@ -15,7 +15,7 @@ jobs:
node-version: [14.x, 16.x, 18.x]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
+1 -1
@@ -15,7 +15,7 @@ jobs:
node-version: [14.x, 16.x, 18.x]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
+2 -2
@@ -11,7 +11,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
@@ -25,7 +25,7 @@ jobs:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
+2 -2
@@ -11,7 +11,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
@@ -22,7 +22,7 @@ jobs:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 16
+1 -1
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set Default Scheme
run: |
scheme_list=$(xcodebuild -list -json | tr -d "\n")
+1 -1
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Validate composer.json and composer.lock
run: composer validate --strict
+1 -1
@@ -9,7 +9,7 @@ jobs:
matrix:
python-version: ["3.8", "3.9", "3.10"]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
+1 -1
@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
+1 -1
@@ -9,7 +9,7 @@ jobs:
max-parallel: 5
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
+1 -1
@@ -19,7 +19,7 @@ jobs:
python-version: ["3.9", "3.10", "3.11"]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
+1 -1
@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v3
with:
+1 -1
@@ -25,7 +25,7 @@ jobs:
r-version: ['3.6.3', '4.1.1']
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up R ${{ matrix.r-version }}
uses: r-lib/actions/setup-r@f57f1301a053485946083d7a45022b278929a78a
with:
+1 -1
@@ -25,7 +25,7 @@ jobs:
ruby-version: ['2.6', '2.7', '3.0']
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up Ruby
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
+2 -2
@@ -27,7 +27,7 @@ jobs:
DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
# Add or replace dependency steps here
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
@@ -44,7 +44,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
with:
+1 -1
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Build
run: cargo build --verbose
- name: Run tests
+1 -1
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
+1 -1
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
+1 -1
@@ -15,7 +15,7 @@ jobs:
runs-on: macos-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Build
run: swift build -v
- name: Run tests
+1 -1
@@ -24,7 +24,7 @@ jobs:
- uses: shivammathur/setup-php@2cb9b829437ee246e9b3cac53555a39208ca6d28
with:
php-version: '8.0'
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Copy .env.test.local
run: php -r "file_exists('.env.test.local') || copy('.env.test', '.env.test.local');"
- name: Cache Composer packages
+1 -1
@@ -15,7 +15,7 @@ jobs:
node-version: [14.x, 16.x, 18.x]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
+1 -1
@@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Scan the image and upload dependency results
+1 -1
@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the Anchore Grype scan action
+1 -1
@@ -26,7 +26,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout project source
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Scan code using Bearer CLI
- name: Run Report
id: report
+1 -1
@@ -31,7 +31,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
# Customize the ruby version depending on your needs
- name: Setup Ruby
+1 -1
@@ -38,7 +38,7 @@ jobs:
steps:
# This step checks out a copy of your repository.
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
# This step creates the Checkmarx One scan
- name: Checkmarx One scan
uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
+1 -1
@@ -35,7 +35,7 @@ jobs:
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
- name: Checkmarx CxFlow Action
uses: checkmarx-ts/checkmarx-cxflow-github-action@49d8269b14ca87910ba003d47a31fa0c7a11f2fe
+1 -1
@@ -24,7 +24,7 @@ jobs:
steps:
- name: Clone repo
uses: actions/checkout@v3
uses: actions/checkout@v4
# For Terraform, Cloudrail requires the plan as input. So we generate it using
# the Terraform core binary.
+1 -1
@@ -36,7 +36,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
+28 -22
@@ -21,18 +21,21 @@ on:
jobs:
analyze:
name: Analyze
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners
# Consider using larger runners for possible analysis time improvements.
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
@@ -40,12 +43,15 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
# Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
$codeql-languages-matrix
# CodeQL supports the following values keywords for 'language': $supported-codeql-languages
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
@@ -55,6 +61,7 @@ jobs:
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
@@ -62,21 +69,20 @@ jobs:
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh
- if: matrix.build-mode == 'manual'
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
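Review bot: The `permissions` block in the first hunk now grants `packages: read` to every repository that adopts this template, while its own comment says the scope is needed only to fetch internal or private CodeQL packs. Because the token scope is unconditional, the comment should tell adopters they can drop it, e.g. `# only required to fetch internal or private CodeQL packs; remove if you use none`. In the matrix hunk the new comment `CodeQL supports the following values keywords for 'language'` reads like a leftover edit (`values keywords`) and quotes `c-cpp` with backticks where the next two lines use single quotes. Which lines are additions is inferred, because this page has lost the `+`/`-` markers.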
+1 -1
@@ -29,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Cache files
uses: actions/cache@v3
with:
+1 -1
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
# check out project
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Since Contrast Scan is designed to run against your deployable artifact, the steps to build your artifact should go here.
# -name: Build Project
# ...
+1 -1
@@ -41,7 +41,7 @@ jobs:
otp: [version]
elixir: [version]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
with:
otp-version: ${{matrix.otp}}
+1 -1
@@ -42,7 +42,7 @@ jobs:
security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: 42Crunch REST API Static Security Testing
uses: 42Crunch/api-security-audit-action@fc01ea7a89e6268875868f9d89598af7a9899ae0
+1 -1
@@ -27,7 +27,7 @@ jobs:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Run Datree policy check
continue-on-error: true
uses: datreeio/action-datree@de67ae7a5133d719dc794e1b75682cd4c5f94d8a
+1 -1
@@ -32,7 +32,7 @@ jobs:
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v3
with:
dotnet-version: |
+2 -2
@@ -13,7 +13,7 @@
# 4. Manually, on demand, via the "workflow_dispatch" event
#
# The workflow should work with no modifications, but you might like to use a
# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
# later version of the Detekt CLI by modifying the $DETEKT_RELEASE_TAG
# environment variable.
name: Scan with Detekt
@@ -45,7 +45,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
- name: Get Detekt download URL
+1 -1
@@ -23,7 +23,7 @@ jobs:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
+2 -2
@@ -21,10 +21,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
#### Package Build Instructions
### Use this section to define the build steps used by your software package.
### Endor Labs builds your software for you where possible but the required build tools must be made availible.
### Endor Labs builds your software for you where possible but the required build tools must be made available.
# - name: Setup Java
# uses: actions/setup-java@v3
# with:
+1 -1
@@ -28,7 +28,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install ESLint
run: |
+1 -1
@@ -24,7 +24,7 @@ jobs:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: flawfinder_scan
uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
+1 -1
@@ -39,7 +39,7 @@ jobs:
steps:
# Check out source code
- name: Check Out Source Code
uses: actions/checkout@v3
uses: actions/checkout@v4
# Java is required to run the various Fortify utilities.
# When scanning a Java application, please use the appropriate Java version for building your application.
+1 -1
@@ -21,7 +21,7 @@ jobs:
create-fix-pull-requests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# IMPORTANT:
# 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
+1 -1
@@ -30,7 +30,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Run hadolint
uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
+1 -1
@@ -27,7 +27,7 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 18
+1 -1
@@ -24,7 +24,7 @@ jobs:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Run kubesec scanner
uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
+1 -1
@@ -33,7 +33,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Setup R
uses: r-lib/actions/setup-r@4e1feaf90520ec1215d1882fdddfe3411c08e492
+1 -1
@@ -42,7 +42,7 @@ jobs:
contents: read
security-events: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Run your API in the background. Ideally, the API would run in debug
# mode & send stacktraces back on "500 Internal Server Error" responses
+1 -1
@@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v3
+1 -1
@@ -34,7 +34,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Configure CMake
run: cmake -B ${{ env.build }}
+1 -1
@@ -30,7 +30,7 @@ jobs:
name: njsscan code scanning
steps:
- name: Checkout the code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
+1 -1
@@ -42,7 +42,7 @@ jobs:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
+1 -1
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
+1 -1
@@ -32,7 +32,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
# Ensure a compatible version of dotnet is installed.
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
+48
@@ -0,0 +1,48 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
# in addition to a PR check which fails if new vulnerabilities are introduced.
#
# For more examples and options, including how to ignore specific vulnerabilities,
# see https://google.github.io/osv-scanner/github-action/
name: OSV-Scanner
on:
pull_request:
branches: [ $default-branch, $protected-branches ]
merge_group:
branches: [ $default-branch, $protected-branches ]
schedule:
- cron: $cron-weekly
push:
branches: [ $default-branch, $protected-branches ]
permissions:
# Require writing security events to upload SARIF file to security tab
security-events: write
# Read commit contents
contents: read
jobs:
scan-scheduled:
if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
with:
# Example of specifying custom arguments
scan-args: |-
-r
--skip-git
./
scan-pr:
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
with:
# Example of specifying custom arguments
scan-args: |-
-r
--skip-git
./
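Review bot: The top-level `permissions` block grants `security-events: write` and `contents: read` but not `actions: read`, even though the workflow's own comment says it uploads a SARIF file to the security tab. Several other templates on this page annotate `actions: read` as `only required for a private repository by github/codeql-action/upload-sarif to get the Action run status`; if the pinned reusable workflows upload through that action (not visible here), private repositories adopting this template would need it too. Suggested addition above `security-events`: `actions: read  # only required in private repositories, for the SARIF upload to read the run status`. Because both jobs call reusable workflows, the caller's block is also the ceiling for what the called workflows can request, so the list is worth confirming against the permissions those workflows declare.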
+1 -1
@@ -38,7 +38,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@aa1fe473f9c687b6fb896056d771232c0bc41161
+1 -1
@@ -24,7 +24,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
+84
@@ -0,0 +1,84 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will validate the IAM policies in the CloudFormation (CFN) templates with using the standard and custom checks in AWS IAM Access Analyzer
# To use this workflow, you will need to complete the following set up steps before start using it:
# 1. Configure an AWS IAM role to use the Access Analyzer's ValidatePolicy, CheckNoNewAccess and CheckAccessNotGranted. This IAM role must be configured to call from the GitHub Actions, use the following [doc](https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/) for steps. In the below workflow, ARN of such role is stored in the GitHub secrets with name `POLICY_VALIDATOR_ROLE`
# 2. If you're using CHECK_NO_NEW_ACCESS policy-check-type, you need to create a reference policy. Use the guide [here](https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples?tab=readme-ov-file#how-do-i-write-my-own-reference-policies) and store it your GitHub repo.
# 3. If you're using the CHECK_ACCESS_NOT_GRANTED policy-check-type, identify the list of critical actions that shouldn't be granted access by the policies in the given CFN templates.
# 4. Start using the GitHub actions by generating the GitHub events matching the defined criteria in your workflow.
name: Validate AWS IAM policies in CloudFormation templates using Policy Validator
on:
push:
branches: [$default-branch, $protected-branches]
pull_request:
# The branches below must be a subset of the branches above
branches: [$default-branch]
env:
AWS_ROLE: MY_ROLE # set this with the role ARN which has permissions to invoke access-analyzer:ValidatePolicy,access-analyzer:CheckNoNewAccess, access-analyzer:CheckAccessNotGranted and can be used in GitHub actions
REGION: MY_AWS_REGION # set this to your preferred AWS region where you plan to deploy your policies, e.g. us-west-1
TEMPLATE_PATH: FILE_PATH_TO_CFN_TEMPLATE # set to the file path to the CloudFormation template.
ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. This is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
REFERENCE_POLICY: REFERENCE_POLICY # set to pass a JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison. For example, if you stored such path in a GitHub secret with name REFERENCE_IDENTITY_POLICY , you can pass ${{ secrets.REFERENCE_IDENTITY_POLICY }}. If not you have the reference policy in the repository, you can directly pass it's file path. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
REFERENCE_POLICY_TYPE: TYPE_OF_REFERENCE_POLICY # set to pass the policy type associated with the IAM policy under analysis and the reference policy. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
jobs:
policy-validator:
runs-on: ubuntu-latest # Virtual machine to run the workflow (configurable)
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
# https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
name: Policy Validator checks for AWS IAM policies
steps:
# checkout the repo for workflow to access the contents
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
# Configure AWS Credentials. More configuration details here - https://github.com/aws-actions/configure-aws-credentials
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.REGION }}
# Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer ValidatePolicy check
id: run-aws-validate-policy
uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
with:
policy-check-type: "VALIDATE_POLICY"
template-path: ${{ env.TEMPLATE_PATH}}
region: ${{ env.REGION }}
# Print result from VALIDATE_POLICY check
- name: Print the result for ValidatePolicy check
if: success() || failure()
run: echo "${{ steps.run-aws-validate-policy.outputs.result }}"
# Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer CheckAccessNotGranted check
id: run-aws-check-access-not-granted
uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
with:
policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
template-path: ${{ env.TEMPLATE_PATH}}
actions: ${{ env.ACTIONS }}
region: ${{ env.REGION }}
# Print result from CHECK_ACCESS_NOT_GRANTED check
- name: Print the result for CheckAccessNotGranted check
if: success() || failure()
run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}"
# Run the CHECK_NO_NEW_ACCESS check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
# reference-policy is stored in GitHub secrets
- name: Run AWS AccessAnalyzer CheckNoNewAccess check
id: run-aws-check-no-new-access
uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
with:
policy-check-type: "CHECK_NO_NEW_ACCESS"
template-path: ${{ env.TEMPLATE_PATH}}
reference-policy: ${{ env.REFERENCE }}
reference-policy-type: ${{ env.REFERENCE_POLICY_TYPE }}
region: ${{env.REGION }}
# Print result from CHECK_NO_NEW_ACCESS check
- name: Print the result for CheckNoNewAccess check
if: success() || failure()
run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
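Review bot: The CheckNoNewAccess step passes `reference-policy: ${{ env.REFERENCE }}`, but the workflow's `env` block defines `REFERENCE_POLICY` and no `REFERENCE`, so the expression expands to an empty string and the action receives no reference policy to compare against. It should read `reference-policy: ${{ env.REFERENCE_POLICY }}`, as the Terraform variant of this workflow does. The comments also drift from the keys in use: they name the check type `CHECK_NO_NEW_ACCESS_CHECK` while the step uses `CHECK_NO_NEW_ACCESS`, and the header says the role ARN lives in a secret named `POLICY_VALIDATOR_ROLE`, which the workflow never references.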
+87
@@ -0,0 +1,87 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will validate the IAM policies in the terraform (TF) templates with using the standard and custom checks in AWS IAM Access Analyzer
# To use this workflow, you will need to complete the following set up steps before start using it:
# 1. Configure an AWS IAM role to use the Access Analyzer's ValidatePolicy, CheckNoNewAccess and CheckAccessNotGranted. This IAM role must be configured to call from the GitHub Actions, use the following [doc](https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/) for steps.
# 2. If you're using CHECK_NO_NEW_ACCESS policy-check-type, you need to create a reference policy. Use the guide [here](https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples?tab=readme-ov-file#how-do-i-write-my-own-reference-policies) and store it your GitHub repo.
# 3. If you're using the CHECK_ACCESS_NOT_GRANTED policy-check-type, identify the list of critical actions that shouldn't be granted access by the policies in the TF templates.
# 4. Start using the GitHub actions by generating the GitHub events matching the defined criteria in your workflow.
name: Validate AWS IAM policies in Terraform templates using Policy Validator
on:
push:
branches: [$default-branch, $protected-branches]
pull_request:
# The branches below must be a subset of the branches above
branches: [$default-branch]
env:
AWS_ROLE: MY_ROLE # set this with the role ARN which has permissions to invoke access-analyzer:ValidatePolicy,access-analyzer:CheckNoNewAccess, access-analyzer:CheckAccessNotGranted and can be used in GitHub actions
REGION: MY_AWS_REGION # set this to your preferred AWS region where you plan to deploy your policies, e.g. us-west-1
TEMPLATE_PATH: FILE_PATH_TO_THE_TF_PLAN # set this to the file path to the terraform plan in JSON
ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. This is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
REFERENCE_POLICY: REFERENCE_POLICY # set to pass a JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison. For example, if you stored such path in a GitHub secret with name REFERENCE_IDENTITY_POLICY , you can pass ${{ secrets.REFERENCE_IDENTITY_POLICY }}. If not you have the reference policy in the repository, you can directly pass it's path. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
REFERENCE_POLICY_TYPE: TYPE_OF_REFERENCE_POLICY # set to pass the policy type associated with the IAM policy under analysis and the reference policy. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
jobs:
policy-validator:
runs-on: ubuntu-latest # Virtual machine to run the workflow (configurable)
#https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
#https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners
name: Policy Validator checks for AWS IAM policies
steps:
# checkout the repo for workflow to access the contents
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
# Configure AWS Credentials. More configuration details here- https://github.com/aws-actions/configure-aws-credentials
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.REGION }}
# Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer ValidatePolicy check
id: run-aws-validate-policy
uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
with:
policy-check-type: "VALIDATE_POLICY"
template-path: ${{ env.TEMPLATE_PATH }}
region: ${{ env.REGION }}
# Print result from VALIDATE_POLICY check
- name: Print the result for ValidatePolicy check
if: success() || failure()
run: echo "${{ steps.run-aws-validate-policy.outputs.result }}"
# Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer CheckAccessNotGranted check
id: run-aws-check-access-not-granted
uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
with:
policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
template-path: ${{ env.TEMPLATE_PATH }}
actions: ${{ env.ACTIONS }}
region: ${{ env.REGION }}
# Print result from CHECK_ACCESS_NOT_GRANTED check
- name: Print the result for CheckAccessNotGranted check
if: success() || failure()
run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}"
# Run the CHECK_NO_NEW_ACCESS check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
# reference-policy is stored in GitHub secrets
- name: Run AWS AccessAnalyzer CheckNoNewAccess check
id: run-aws-check-no-new-access
uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
with:
policy-check-type: "CHECK_NO_NEW_ACCESS"
template-path: ${{ env.TEMPLATE_PATH }}
reference-policy: ${{ env.REFERENCE_POLICY }}
reference-policy-type: ${{ env.REFERENCE_POLICY_TYPE }}
region: ${{ env.REGION }}
# Print result from CHECK_NO_NEW_ACCESS check
- name: Print the result CheckNoNewAccess check
if: success() || failure()
run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
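Review bot: The three "Print the result" steps expand `${{ steps.<id>.outputs.result }}` directly inside the `run:` script, so the validator's output becomes part of the shell source before it executes. If that text can carry strings taken from the templates in a pull request, shell metacharacters in it would be interpreted in a job that holds the assumed AWS role credentials. Pass the value through the environment instead: give the step an `env:` entry `RESULT: ${{ steps.run-aws-validate-policy.outputs.result }}` and use `run: echo "$RESULT"`. The same pattern appears in the three print steps of the CloudFormation workflow added in this commit. Separately, nothing in this job produces the plan JSON that `TEMPLATE_PATH` points to, so presumably a committed file is checked; a comment on how that file must be regenerated would help avoid validating a stale plan.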
+1 -1
@@ -29,7 +29,7 @@ jobs:
name: PSScriptAnalyzer
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Run PSScriptAnalyzer
uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
+1 -1
@@ -34,7 +34,7 @@ jobs:
name: Run Prisma Cloud IaC Scan to check
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
- id: iac-scan
name: Run Scan on CFT files in the repository
uses: prisma-cloud-shiftleft/iac-scan-action@53278c231c438216d99b463308a3cbed351ba0c3
@@ -0,0 +1,7 @@
{
"name": "OSV Scanner",
"creator": "Google",
"description": "Vulnerability scanner for your dependencies using data provided by https://osv.dev",
"iconName": "osv",
"categories": ["Code Scanning", "JavaScript", "Python", "Java", "PHP", "C#", "R", "Ruby", "Rust", "Swift", "Go", "TypeScript"]
}
@@ -0,0 +1,7 @@
{
"name": "Policy Validator for CloudFormation",
"creator": "Amazon Web Services",
"description": "Validate AWS IAM Policies in CloudFormation Templates powered IAM Access Analyzer",
"iconName": "aws",
"categories": ["Code Scanning", "AWS", "Python"]
}
@@ -0,0 +1,7 @@
{
"name": "Policy Validator for Terraform",
"creator": "Amazon Web Services",
"description": "Validate AWS IAM Policies in Terraform Templates powered IAM Access Analyzer",
"iconName": "aws",
"categories": ["Code Scanning", "AWS", "Python"]
}
+1 -1
@@ -27,7 +27,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Psalm Security Scan
uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
+1 -1
@@ -33,7 +33,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Setup Ruby
uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
