From 763a1a60f8e6b874e2ebd4bbb9203789caaecd3a Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Thu, 25 Apr 2024 13:24:02 -0400 Subject: [PATCH] Upload-Sarif: Update all workflows to use Upload-Sarif V3 --- code-scanning/anchore.yml | 2 +- code-scanning/apisec-scan.yml | 2 +- code-scanning/bearer.yml | 2 +- code-scanning/brakeman.yml | 2 +- code-scanning/checkmarx-one.yml | 2 +- code-scanning/checkmarx.yml | 2 +- code-scanning/clj-holmes.yml | 2 +- code-scanning/clj-watson.yml | 2 +- code-scanning/cloudrail.yml | 2 +- code-scanning/codacy.yml | 2 +- code-scanning/codescan.yml | 2 +- code-scanning/contrast-scan.yml | 2 +- code-scanning/credo.yml | 2 +- code-scanning/datree.yml | 2 +- code-scanning/defender-for-devops.yml | 2 +- code-scanning/detekt.yml | 2 +- code-scanning/devskim.yml | 2 +- code-scanning/endorlabs.yml | 2 +- code-scanning/eslint.yml | 2 +- code-scanning/ethicalcheck.yml | 2 +- code-scanning/flawfinder.yml | 2 +- code-scanning/hadolint.yml | 2 +- code-scanning/kubesec.yml | 2 +- code-scanning/lintr.yml | 2 +- code-scanning/mayhem-for-api.yml | 2 +- code-scanning/mobsf.yml | 2 +- code-scanning/msvc.yml | 2 +- code-scanning/njsscan.yml | 2 +- code-scanning/nowsecure.yml | 2 +- code-scanning/ossar.yml | 2 +- code-scanning/phpmd.yml | 2 +- code-scanning/pmd.yml | 2 +- code-scanning/powershell.yml | 2 +- code-scanning/prisma.yml | 2 +- code-scanning/psalm.yml | 2 +- code-scanning/puppet-lint.yml | 2 +- code-scanning/rubocop.yml | 2 +- code-scanning/rust-clippy.yml | 2 +- code-scanning/scorecard.yml | 2 +- code-scanning/securitycodescan.yml | 2 +- code-scanning/semgrep.yml | 2 +- code-scanning/snyk-container.yml | 2 +- code-scanning/snyk-infrastructure.yml | 2 +- code-scanning/snyk-security.yml | 2 +- code-scanning/sobelow.yml | 2 +- code-scanning/synopsys-io.yml | 2 +- code-scanning/sysdig-scan.yml | 2 +- code-scanning/tfsec.yml | 2 +- code-scanning/trivy.yml | 2 +- code-scanning/veracode.yml | 2 +- code-scanning/xanitizer.yml | 2 +- code-scanning/zscaler-iac-scan.yml | 2 +- code-scanning/zscan.yml | 2 +- 53 files changed, 53 insertions(+), 53 deletions(-) diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml index 2bbc55e..8ada351 100644 --- a/code-scanning/anchore.yml +++ b/code-scanning/anchore.yml @@ -43,6 +43,6 @@ jobs: fail-build: true severity-cutoff: critical - name: Upload vulnerability report - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml index 34defa9..f425ca8 100644 --- a/code-scanning/apisec-scan.yml +++ b/code-scanning/apisec-scan.yml @@ -66,6 +66,6 @@ jobs: # The name of the sarif format result file The file is written only if this property is provided. sarif-result-file: "apisec-results.sarif" - name: Import results - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ./apisec-results.sarif diff --git a/code-scanning/bearer.yml b/code-scanning/bearer.yml index 7971be9..b384d82 100644 --- a/code-scanning/bearer.yml +++ b/code-scanning/bearer.yml @@ -38,6 +38,6 @@ jobs: exit-code: 0 # Upload SARIF file generated in previous step - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index 0d1cb05..38e572c 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -53,6 +53,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: output.sarif.json diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index 7feeb25..ae326bd 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -49,7 +49,7 @@ jobs: cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One additional_params: --report-format sarif --output-path . - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: cx_result.sarif diff --git a/code-scanning/checkmarx.yml b/code-scanning/checkmarx.yml index b4a99f3..5406860 100644 --- a/code-scanning/checkmarx.yml +++ b/code-scanning/checkmarx.yml @@ -50,6 +50,6 @@ jobs: params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filter-severity --cx-flow.filter-category --checkmarx.disable-clubbing=true --repo-url=${{ github.event.repository.url }} # Upload the Report for CodeQL/Security Alerts - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: cx.sarif diff --git a/code-scanning/clj-holmes.yml b/code-scanning/clj-holmes.yml index 87f11cb..2d919a5 100644 --- a/code-scanning/clj-holmes.yml +++ b/code-scanning/clj-holmes.yml @@ -38,7 +38,7 @@ jobs: fail-on-result: 'false' - name: Upload analysis results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{github.workspace}}/clj-holmes-results.sarif wait-for-processing: true diff --git a/code-scanning/clj-watson.yml b/code-scanning/clj-watson.yml index 59bfd41..b0a7443 100644 --- a/code-scanning/clj-watson.yml +++ b/code-scanning/clj-watson.yml @@ -48,7 +48,7 @@ jobs: fail-on-result: false - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{github.workspace}}/clj-watson-results.sarif wait-for-processing: true \ No newline at end of file diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml index 8273881..846c43d 100644 --- a/code-scanning/cloudrail.yml +++ b/code-scanning/cloudrail.yml @@ -50,7 +50,7 @@ jobs: cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 # Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always() # is needed to ensure the SARIF file is uploaded if: always() diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml index c3cd9f5..2f2acc3 100644 --- a/code-scanning/codacy.yml +++ b/code-scanning/codacy.yml @@ -56,6 +56,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/codescan.yml b/code-scanning/codescan.yml index c4858c6..cb338df 100644 --- a/code-scanning/codescan.yml +++ b/code-scanning/codescan.yml @@ -44,6 +44,6 @@ jobs: organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: codescan.sarif diff --git a/code-scanning/contrast-scan.yml b/code-scanning/contrast-scan.yml index 1950d3a..197779f 100644 --- a/code-scanning/contrast-scan.yml +++ b/code-scanning/contrast-scan.yml @@ -48,6 +48,6 @@ jobs: authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }} #Upload the results to GitHub - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output diff --git a/code-scanning/credo.yml b/code-scanning/credo.yml index 8c8c8be..5a322a4 100644 --- a/code-scanning/credo.yml +++ b/code-scanning/credo.yml @@ -55,7 +55,7 @@ jobs: - name: credo-scan run: mix credo --format=sarif > credo_output.sarif - name: upload sarif - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: credo_output.sarif diff --git a/code-scanning/datree.yml b/code-scanning/datree.yml index a892cf8..a98eabe 100644 --- a/code-scanning/datree.yml +++ b/code-scanning/datree.yml @@ -42,6 +42,6 @@ jobs: # Setting a SARIF output will generate a file named "datree.sarif" containing your test results cliArguments: "-o sarif" - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: datree.sarif diff --git a/code-scanning/defender-for-devops.yml b/code-scanning/defender-for-devops.yml index 07aa7d1..59eaaa7 100644 --- a/code-scanning/defender-for-devops.yml +++ b/code-scanning/defender-for-devops.yml @@ -42,6 +42,6 @@ jobs: uses: microsoft/security-devops-action@v1.6.0 id: msdo - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }} diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml index 76a116b..2d6293b 100644 --- a/code-scanning/detekt.yml +++ b/code-scanning/detekt.yml @@ -111,7 +111,7 @@ jobs: )" > ${{ github.workspace }}/detekt.sarif.json # Uploads results to GitHub repository using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v2 + - uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: ${{ github.workspace }}/detekt.sarif.json diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 98daab8..794986a 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -29,6 +29,6 @@ jobs: uses: microsoft/DevSkim-Action@v1 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: devskim-results.sarif diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index 670fe62..7f3951a 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -46,6 +46,6 @@ jobs: ci_run: "false" sarif_file: findings.sarif - name: Upload SARIF to github - uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd + uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 with: sarif_file: findings.sarif diff --git a/code-scanning/eslint.yml b/code-scanning/eslint.yml index 876ea2b..7304e83 100644 --- a/code-scanning/eslint.yml +++ b/code-scanning/eslint.yml @@ -44,7 +44,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: eslint-results.sarif wait-for-processing: true \ No newline at end of file diff --git a/code-scanning/ethicalcheck.yml b/code-scanning/ethicalcheck.yml index a68d0a2..fac8a74 100644 --- a/code-scanning/ethicalcheck.yml +++ b/code-scanning/ethicalcheck.yml @@ -63,7 +63,7 @@ jobs: sarif-result-file: "ethicalcheck-results.sarif" - name: Upload sarif file to repository - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ./ethicalcheck-results.sarif diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index d564b68..d3898b6 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -33,6 +33,6 @@ jobs: output: 'flawfinder_results.sarif' - name: Upload analysis results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file diff --git a/code-scanning/hadolint.yml b/code-scanning/hadolint.yml index 2d901a4..eacbabb 100644 --- a/code-scanning/hadolint.yml +++ b/code-scanning/hadolint.yml @@ -41,7 +41,7 @@ jobs: no-fail: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: hadolint-results.sarif wait-for-processing: true \ No newline at end of file diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 98fd8e0..750acc7 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -36,6 +36,6 @@ jobs: exit-code: "0" - name: Upload Kubesec scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: kubesec-results.sarif \ No newline at end of file diff --git a/code-scanning/lintr.yml b/code-scanning/lintr.yml index 01ce719..7bb83e3 100644 --- a/code-scanning/lintr.yml +++ b/code-scanning/lintr.yml @@ -49,7 +49,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: lintr-results.sarif wait-for-processing: true diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml index 9e533fe..93b0dd2 100644 --- a/code-scanning/mayhem-for-api.yml +++ b/code-scanning/mayhem-for-api.yml @@ -61,6 +61,6 @@ jobs: sarif-report: mapi.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: mapi.sarif diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml index 9f876ae..05e014e 100644 --- a/code-scanning/mobsf.yml +++ b/code-scanning/mobsf.yml @@ -38,6 +38,6 @@ jobs: args: . --sarif --output results.sarif || true - name: Upload mobsfscan report - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml index 0700989..b8469de 100644 --- a/code-scanning/msvc.yml +++ b/code-scanning/msvc.yml @@ -54,7 +54,7 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml index 8062259..767b967 100644 --- a/code-scanning/njsscan.yml +++ b/code-scanning/njsscan.yml @@ -37,6 +37,6 @@ jobs: with: args: '. --sarif --output results.sarif || true' - name: Upload njsscan report - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/nowsecure.yml b/code-scanning/nowsecure.yml index 324a533..5cb6c29 100644 --- a/code-scanning/nowsecure.yml +++ b/code-scanning/nowsecure.yml @@ -47,6 +47,6 @@ jobs: group_id: {{ groupId }} # Update this to your desired Platform group ID - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: NowSecure.sarif diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml index ad46e1d..1c7a6d9 100644 --- a/code-scanning/ossar.yml +++ b/code-scanning/ossar.yml @@ -51,6 +51,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/code-scanning/phpmd.yml b/code-scanning/phpmd.yml index 58ca4f8..5ceaabc 100644 --- a/code-scanning/phpmd.yml +++ b/code-scanning/phpmd.yml @@ -51,7 +51,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: phpmd-results.sarif wait-for-processing: true diff --git a/code-scanning/pmd.yml b/code-scanning/pmd.yml index ed5eec9..50524ae 100644 --- a/code-scanning/pmd.yml +++ b/code-scanning/pmd.yml @@ -38,6 +38,6 @@ jobs: sourcePath: 'src/main/java' analyzeModifiedFilesOnly: false - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: pmd-report.sarif diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml index 52f65a0..216f1dc 100644 --- a/code-scanning/powershell.yml +++ b/code-scanning/powershell.yml @@ -44,6 +44,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml index 4b84b21..5461f5c 100644 --- a/code-scanning/prisma.yml +++ b/code-scanning/prisma.yml @@ -49,7 +49,7 @@ jobs: # The service need to know the type of IaC being scanned template_type: 'CFT' - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 # Results are generated only on a success or failure # this is required since GitHub by default won't run the next step # when the previous one has failed. diff --git a/code-scanning/psalm.yml b/code-scanning/psalm.yml index dddbfdd..a0563d9 100644 --- a/code-scanning/psalm.yml +++ b/code-scanning/psalm.yml @@ -33,6 +33,6 @@ jobs: uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287 - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml index e039085..014b0a0 100644 --- a/code-scanning/puppet-lint.yml +++ b/code-scanning/puppet-lint.yml @@ -49,7 +49,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: puppet-lint-results.sarif wait-for-processing: true diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index feef351..a3e7af8 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -47,6 +47,6 @@ jobs: " - name: Upload Sarif output - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: rubocop.sarif diff --git a/code-scanning/rust-clippy.yml b/code-scanning/rust-clippy.yml index 4f50c3e..e4b2508 100644 --- a/code-scanning/rust-clippy.yml +++ b/code-scanning/rust-clippy.yml @@ -49,7 +49,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: rust-clippy-results.sarif wait-for-processing: true diff --git a/code-scanning/scorecard.yml b/code-scanning/scorecard.yml index 162c788..d7474f9 100644 --- a/code-scanning/scorecard.yml +++ b/code-scanning/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 with: sarif_file: results.sarif diff --git a/code-scanning/securitycodescan.yml b/code-scanning/securitycodescan.yml index 5d5e87b..58cb9c6 100644 --- a/code-scanning/securitycodescan.yml +++ b/code-scanning/securitycodescan.yml @@ -38,4 +38,4 @@ jobs: uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687 - name: Upload sarif - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml index f21aa9a..bbf787a 100644 --- a/code-scanning/semgrep.yml +++ b/code-scanning/semgrep.yml @@ -43,7 +43,7 @@ jobs: # Upload SARIF file generated in previous step - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: semgrep.sarif if: always() diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml index edbea1d..c485691 100644 --- a/code-scanning/snyk-container.yml +++ b/code-scanning/snyk-container.yml @@ -50,6 +50,6 @@ jobs: image: your/image-to-test args: --file=Dockerfile - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk.sarif diff --git a/code-scanning/snyk-infrastructure.yml b/code-scanning/snyk-infrastructure.yml index a5605a3..f1466b2 100644 --- a/code-scanning/snyk-infrastructure.yml +++ b/code-scanning/snyk-infrastructure.yml @@ -49,6 +49,6 @@ jobs: # or `main.tf` for a Terraform configuration file file: your-file-to-test.yaml - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk.sarif diff --git a/code-scanning/snyk-security.yml b/code-scanning/snyk-security.yml index 4941e00..8f23020 100644 --- a/code-scanning/snyk-security.yml +++ b/code-scanning/snyk-security.yml @@ -74,6 +74,6 @@ jobs: # Push the Snyk Code results into GitHub Code Scanning tab - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk-code.sarif diff --git a/code-scanning/sobelow.yml b/code-scanning/sobelow.yml index 6dd4ffe..cfbf1f4 100644 --- a/code-scanning/sobelow.yml +++ b/code-scanning/sobelow.yml @@ -36,6 +36,6 @@ jobs: - id: run-action uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912 - name: Upload report - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml index df50d9d..6e245d7 100644 --- a/code-scanning/synopsys-io.yml +++ b/code-scanning/synopsys-io.yml @@ -71,7 +71,7 @@ jobs: - name: Upload SARIF file if: ${{steps.prescription.outputs.sastScan == 'true' }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: workflowengine-results.sarif.json diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml index c9a0edb..11fd8b7 100644 --- a/code-scanning/sysdig-scan.yml +++ b/code-scanning/sysdig-scan.yml @@ -55,7 +55,7 @@ jobs: # Sysdig inline scanner requires privileged rights run-as-user: root - - uses: github/codeql-action/upload-sarif@v2 + - uses: github/codeql-action/upload-sarif@v3 #Upload SARIF file if: always() with: diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml index 388fc37..c8ef49c 100644 --- a/code-scanning/tfsec.yml +++ b/code-scanning/tfsec.yml @@ -32,7 +32,7 @@ jobs: sarif_file: tfsec.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: tfsec.sarif diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml index ec90221..7180f72 100644 --- a/code-scanning/trivy.yml +++ b/code-scanning/trivy.yml @@ -43,6 +43,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' diff --git a/code-scanning/veracode.yml b/code-scanning/veracode.yml index 379493f..c1b9b33 100644 --- a/code-scanning/veracode.yml +++ b/code-scanning/veracode.yml @@ -53,7 +53,7 @@ jobs: uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be with: pipeline-results-json: results.json - - uses: github/codeql-action/upload-sarif@v2 + - uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: veracode-results.sarif diff --git a/code-scanning/xanitizer.yml b/code-scanning/xanitizer.yml index 32c977e..0f96c5a 100644 --- a/code-scanning/xanitizer.yml +++ b/code-scanning/xanitizer.yml @@ -95,6 +95,6 @@ jobs: *-Findings-List.sarif # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v2 + - uses: github/codeql-action/upload-sarif@v3 with: sarif_file: Xanitizer-Findings-List.sarif diff --git a/code-scanning/zscaler-iac-scan.yml b/code-scanning/zscaler-iac-scan.yml index 7a2fc00..523c495 100644 --- a/code-scanning/zscaler-iac-scan.yml +++ b/code-scanning/zscaler-iac-scan.yml @@ -51,6 +51,6 @@ jobs: #Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository. - name: Upload SARIF file if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }} diff --git a/code-scanning/zscan.yml b/code-scanning/zscan.yml index 018e473..9c9b303 100644 --- a/code-scanning/zscan.yml +++ b/code-scanning/zscan.yml @@ -55,6 +55,6 @@ jobs: app_file: app-release-unsigned.apk - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: Zimperium.sarif