From 890150c289fca8efec79fadc5f3df37820ecd855 Mon Sep 17 00:00:00 2001 From: Anurag Chauhan <44864882+anuragc617@users.noreply.github.com> Date: Mon, 31 Jan 2022 10:48:11 +0000 Subject: [PATCH 1/2] Fixing some code scanning workflows description --- code-scanning/properties/apisec-scan.properties.json | 2 +- code-scanning/properties/cloudrail.properties.json | 2 +- code-scanning/properties/pmd.properties.json | 5 ++--- code-scanning/properties/scorecards.properties.json | 6 +++--- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/code-scanning/properties/apisec-scan.properties.json b/code-scanning/properties/apisec-scan.properties.json index 9e7db58..b0872c8 100644 --- a/code-scanning/properties/apisec-scan.properties.json +++ b/code-scanning/properties/apisec-scan.properties.json @@ -1,7 +1,7 @@ { "name": "APIsec Scan", "creator": "APIsec", - "description": "APIsec addresses the critical need to secure APIs before they reach production. APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.", + "description": "APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.", "iconName": "apisec", "categories": [ "Code Scanning", diff --git a/code-scanning/properties/cloudrail.properties.json b/code-scanning/properties/cloudrail.properties.json index 830d966..e87f3ca 100644 --- a/code-scanning/properties/cloudrail.properties.json +++ b/code-scanning/properties/cloudrail.properties.json @@ -1,7 +1,7 @@ { "name": "cloudrail", "creator": "Indeni Cloudrail", - "description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues. The Cloudrail action is often used as part of both CI workflows (on pull_request) and on CD workflows to identify potential issues.", + "description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues.", "iconName": "cloudrail", "categories": ["Code Scanning", "HCL"] } diff --git a/code-scanning/properties/pmd.properties.json b/code-scanning/properties/pmd.properties.json index 8608022..b96ecb7 100644 --- a/code-scanning/properties/pmd.properties.json +++ b/code-scanning/properties/pmd.properties.json @@ -1,7 +1,7 @@ { "name": "pmd", "creator": "pmd", - "description": "PMD is a static source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.", + "description": "PMD is a static source code analyzer. It supports Java, JavaScript, Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.", "iconName": "pmd", "categories": [ "Code Scanning", @@ -13,7 +13,6 @@ "Apache Velocity", "XML", "XSl", - "Scala", - "Apex" + "Scala" ] } \ No newline at end of file diff --git a/code-scanning/properties/scorecards.properties.json b/code-scanning/properties/scorecards.properties.json index d45274b..a98834c 100644 --- a/code-scanning/properties/scorecards.properties.json +++ b/code-scanning/properties/scorecards.properties.json @@ -1,7 +1,7 @@ { - "name": "OSSF Scorecards supply-chain security analysis", - "creator": "Open Source Security Foundation (OpenSSF) - https://github.com/ossf", - "description": "Scorecards is a static analysis tool to assess the security posture of your project", + "name": "OSSF Scorecards", + "creator": "Open Source Security Foundation (OpenSSF)", + "description": "Scorecards is a static supply-chain security analysis tool to assess the security posture of your project", "iconName": "scorecards", "categories": ["Code Scanning"] } From 776a96049686c7602b1fc0706bc21d1db9f7bfcc Mon Sep 17 00:00:00 2001 From: Daz DeBoer Date: Mon, 31 Jan 2022 14:47:10 -0700 Subject: [PATCH 2/2] Update for `gradle-build-action@v2.1.2` release (#1375) --- ci/gradle-publish.yml | 4 ++-- ci/gradle.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/gradle-publish.yml b/ci/gradle-publish.yml index 26bc0df..0fecd23 100644 --- a/ci/gradle-publish.yml +++ b/ci/gradle-publish.yml @@ -30,14 +30,14 @@ jobs: settings-path: ${{ github.workspace }} # location for the settings.xml file - name: Build with Gradle - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 + uses: gradle/gradle-build-action@bc3340afc5e3cc44f2321809ac090d731c13c514 with: arguments: build # The USERNAME and TOKEN need to correspond to the credentials environment variables used in # the publishing section of your build.gradle - name: Publish to GitHub Packages - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 + uses: gradle/gradle-build-action@bc3340afc5e3cc44f2321809ac090d731c13c514 with: arguments: publish env: diff --git a/ci/gradle.yml b/ci/gradle.yml index cc63e9a..bc64e5e 100644 --- a/ci/gradle.yml +++ b/ci/gradle.yml @@ -26,6 +26,6 @@ jobs: java-version: '11' distribution: 'temurin' - name: Build with Gradle - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 + uses: gradle/gradle-build-action@bc3340afc5e3cc44f2321809ac090d731c13c514 with: arguments: build