Upload-Sarif: Update all workflows to use Upload-Sarif V3

This commit is contained in:
Josh Soref
2024-04-25 13:24:02 -04:00
parent 889ae22e02
commit 763a1a60f8
53 changed files with 53 additions and 53 deletions
+1 -1
View File
@@ -43,6 +43,6 @@ jobs:
fail-build: true
severity-cutoff: critical
- name: Upload vulnerability report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
+1 -1
View File
@@ -66,6 +66,6 @@ jobs:
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ./apisec-results.sarif
+1 -1
View File
@@ -38,6 +38,6 @@ jobs:
exit-code: 0
# Upload SARIF file generated in previous step
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -53,6 +53,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: output.sarif.json
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
additional_params: --report-format sarif --output-path .
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: cx_result.sarif
+1 -1
View File
@@ -50,6 +50,6 @@ jobs:
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filter-severity --cx-flow.filter-category --checkmarx.disable-clubbing=true --repo-url=${{ github.event.repository.url }}
# Upload the Report for CodeQL/Security Alerts
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: cx.sarif
+1 -1
View File
@@ -38,7 +38,7 @@ jobs:
fail-on-result: 'false'
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -48,7 +48,7 @@ jobs:
fail-on-result: false
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -50,7 +50,7 @@ jobs:
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
# is needed to ensure the SARIF file is uploaded
if: always()
+1 -1
View File
@@ -56,6 +56,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -44,6 +44,6 @@ jobs:
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: codescan.sarif
+1 -1
View File
@@ -48,6 +48,6 @@ jobs:
authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
#Upload the results to GitHub
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output
+1 -1
View File
@@ -55,7 +55,7 @@ jobs:
- name: credo-scan
run: mix credo --format=sarif > credo_output.sarif
- name: upload sarif
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: credo_output.sarif
+1 -1
View File
@@ -42,6 +42,6 @@ jobs:
# Setting a SARIF output will generate a file named "datree.sarif" containing your test results
cliArguments: "-o sarif"
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: datree.sarif
+1 -1
View File
@@ -42,6 +42,6 @@ jobs:
uses: microsoft/security-devops-action@v1.6.0
id: msdo
- name: Upload results to Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+1 -1
View File
@@ -111,7 +111,7 @@ jobs:
)" > ${{ github.workspace }}/detekt.sarif.json
# Uploads results to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/detekt.sarif.json
+1 -1
View File
@@ -29,6 +29,6 @@ jobs:
uses: microsoft/DevSkim-Action@v1
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: devskim-results.sarif
+1 -1
View File
@@ -46,6 +46,6 @@ jobs:
ci_run: "false"
sarif_file: findings.sarif
- name: Upload SARIF to github
uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
sarif_file: findings.sarif
+1 -1
View File
@@ -44,7 +44,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: eslint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -63,7 +63,7 @@ jobs:
sarif-result-file: "ethicalcheck-results.sarif"
- name: Upload sarif file to repository
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ./ethicalcheck-results.sarif
+1 -1
View File
@@ -33,6 +33,6 @@ jobs:
output: 'flawfinder_results.sarif'
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{github.workspace}}/flawfinder_results.sarif
+1 -1
View File
@@ -41,7 +41,7 @@ jobs:
no-fail: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -36,6 +36,6 @@ jobs:
exit-code: "0"
- name: Upload Kubesec scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kubesec-results.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: lintr-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -61,6 +61,6 @@ jobs:
sarif-report: mapi.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: mapi.sarif
+1 -1
View File
@@ -38,6 +38,6 @@ jobs:
args: . --sarif --output results.sarif || true
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -54,7 +54,7 @@ jobs:
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+1 -1
View File
@@ -37,6 +37,6 @@ jobs:
with:
args: '. --sarif --output results.sarif || true'
- name: Upload njsscan report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -47,6 +47,6 @@ jobs:
group_id: {{ groupId }} # Update this to your desired Platform group ID
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: NowSecure.sarif
+1 -1
View File
@@ -51,6 +51,6 @@ jobs:
# Upload results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+1 -1
View File
@@ -51,7 +51,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: phpmd-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -38,6 +38,6 @@ jobs:
sourcePath: 'src/main/java'
analyzeModifiedFilesOnly: false
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: pmd-report.sarif
+1 -1
View File
@@ -44,6 +44,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
# The service need to know the type of IaC being scanned
template_type: 'CFT'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
# Results are generated only on a success or failure
# this is required since GitHub by default won't run the next step
# when the previous one has failed.
+1 -1
View File
@@ -33,6 +33,6 @@ jobs:
uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
- name: Upload Security Analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: puppet-lint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -47,6 +47,6 @@ jobs:
"
- name: Upload Sarif output
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rubocop.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
sarif_file: results.sarif
+1 -1
View File
@@ -38,4 +38,4 @@ jobs:
uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
- name: Upload sarif
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
+1 -1
View File
@@ -43,7 +43,7 @@ jobs:
# Upload SARIF file generated in previous step
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: semgrep.sarif
if: always()
+1 -1
View File
@@ -50,6 +50,6 @@ jobs:
image: your/image-to-test
args: --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
+1 -1
View File
@@ -49,6 +49,6 @@ jobs:
# or `main.tf` for a Terraform configuration file
file: your-file-to-test.yaml
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
+1 -1
View File
@@ -74,6 +74,6 @@ jobs:
# Push the Snyk Code results into GitHub Code Scanning tab
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk-code.sarif
+1 -1
View File
@@ -36,6 +36,6 @@ jobs:
- id: run-action
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
- name: Upload report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -71,7 +71,7 @@ jobs:
- name: Upload SARIF file
if: ${{steps.prescription.outputs.sastScan == 'true' }}
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: workflowengine-results.sarif.json
+1 -1
View File
@@ -55,7 +55,7 @@ jobs:
# Sysdig inline scanner requires privileged rights
run-as-user: root
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
#Upload SARIF file
if: always()
with:
+1 -1
View File
@@ -32,7 +32,7 @@ jobs:
sarif_file: tfsec.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
+1 -1
View File
@@ -43,6 +43,6 @@ jobs:
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
+1 -1
View File
@@ -53,7 +53,7 @@ jobs:
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
with:
pipeline-results-json: results.json
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: veracode-results.sarif
+1 -1
View File
@@ -95,6 +95,6 @@ jobs:
*-Findings-List.sarif
# Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: Xanitizer-Findings-List.sarif
+1 -1
View File
@@ -51,6 +51,6 @@ jobs:
#Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository.
- name: Upload SARIF file
if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }}
+1 -1
View File
@@ -55,6 +55,6 @@ jobs:
app_file: app-release-unsigned.apk
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: Zimperium.sarif