From f42f92e60ce9599cfd74f77191f8b0dfd5bbe08e Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Wed, 5 Jan 2022 09:50:26 -0800 Subject: [PATCH 01/13] Update erlang.yml Add token permissions --- ci/erlang.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ci/erlang.yml b/ci/erlang.yml index 25cb893..3bebb1f 100644 --- a/ci/erlang.yml +++ b/ci/erlang.yml @@ -6,10 +6,14 @@ on: pull_request: branches: [ $default-branch ] +permissions: read-all + jobs: build: + permissions: + contents: read # for actions/checkout to fetch code runs-on: ubuntu-latest container: From eedf8fbcb38fafd48d3aa00644bd01325b89abaa Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Fri, 21 Jan 2022 12:23:16 -0800 Subject: [PATCH 02/13] Update erlang.yml Setting contents: read at workflow level, and removing from job level --- ci/erlang.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ci/erlang.yml b/ci/erlang.yml index 3bebb1f..fc11dac 100644 --- a/ci/erlang.yml +++ b/ci/erlang.yml @@ -6,14 +6,13 @@ on: pull_request: branches: [ $default-branch ] -permissions: read-all +permissions: + contents: read jobs: build: - permissions: - contents: read # for actions/checkout to fetch code runs-on: ubuntu-latest container: From ccd26a97cbd594ff3af6632ba294d570b2e5c797 Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Mon, 14 Feb 2022 11:30:57 +0530 Subject: [PATCH 03/13] added token permissions --- ci/d.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/d.yml b/ci/d.yml index 6086681..c78e2ce 100644 --- a/ci/d.yml +++ b/ci/d.yml @@ -10,6 +10,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From d6dfba970ff1b09095fe860bf15860fbfc788840 Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Mon, 14 Feb 2022 13:03:20 +0530 Subject: [PATCH 04/13] Update deno.yml --- ci/deno.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/deno.yml b/ci/deno.yml index 25e9e2a..6393f5f 100644 --- a/ci/deno.yml +++ b/ci/deno.yml @@ -14,6 +14,9 @@ on: pull_request: branches: [$default-branch] +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest From baf5276476b911e377a006890698a2bfd211e47d Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Mon, 14 Feb 2022 13:05:59 +0530 Subject: [PATCH 05/13] Update ruby.yml --- ci/ruby.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/ruby.yml b/ci/ruby.yml index f6ae1e3..9f90687 100644 --- a/ci/ruby.yml +++ b/ci/ruby.yml @@ -13,6 +13,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: test: From db842e7ec591aa2ff0545d82f159c0719a0087d8 Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Tue, 15 Feb 2022 13:39:46 +0530 Subject: [PATCH 06/13] added github_token permission --- ci/scala.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/scala.yml b/ci/scala.yml index af6b2ed..95c1957 100644 --- a/ci/scala.yml +++ b/ci/scala.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From f0d5cb15453edac00fb14288d0ca9ae895bf76b0 Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Tue, 15 Feb 2022 13:42:06 +0530 Subject: [PATCH 07/13] added token permission --- ci/python-app.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/python-app.yml b/ci/python-app.yml index 2cfc2a3..cdd6c6c 100644 --- a/ci/python-app.yml +++ b/ci/python-app.yml @@ -9,6 +9,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From 93dc183837a934693bd89af6bf3e1ed076f9b958 Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Thu, 17 Feb 2022 08:55:16 +0530 Subject: [PATCH 08/13] Update r.yml --- ci/r.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/r.yml b/ci/r.yml index 305c2cf..456e552 100644 --- a/ci/r.yml +++ b/ci/r.yml @@ -14,6 +14,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: runs-on: macos-latest From ceada66602af669fcb1fee31ae307f1e47c85a2f Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Sat, 19 Mar 2022 16:32:12 +0530 Subject: [PATCH 09/13] Update haskell.yml --- ci/haskell.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/haskell.yml b/ci/haskell.yml index c1d7dc7..20dbb4c 100644 --- a/ci/haskell.yml +++ b/ci/haskell.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From 02fa52f6c02fc3004eb878379efba7e1b6d071b7 Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Sat, 19 Mar 2022 16:34:10 +0530 Subject: [PATCH 10/13] Update symfony.yml --- ci/symfony.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/symfony.yml b/ci/symfony.yml index 7d1ca74..ab80492 100644 --- a/ci/symfony.yml +++ b/ci/symfony.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: symfony-tests: runs-on: ubuntu-latest From c5f542db49696973e6dbe4fc4d83305434656a96 Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Sat, 19 Mar 2022 16:35:53 +0530 Subject: [PATCH 11/13] Update php.yml --- ci/php.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/php.yml b/ci/php.yml index 6acfdd1..4937d3e 100644 --- a/ci/php.yml +++ b/ci/php.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From 10092345c8d227804b7dc9f587d10813d85199c5 Mon Sep 17 00:00:00 2001 From: h0x0er Date: Wed, 30 Mar 2022 15:08:50 +0530 Subject: [PATCH 12/13] fixing conflict --- ci/elixir.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/elixir.yml b/ci/elixir.yml index 5b5aabb..6c76f54 100644 --- a/ci/elixir.yml +++ b/ci/elixir.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From 8d8c6f77d6d743a4b096c8b5b1eee8467552de77 Mon Sep 17 00:00:00 2001 From: Thomas Boop Date: Thu, 31 Mar 2022 08:24:35 -0400 Subject: [PATCH 13/13] update to v2 --- code-scanning/anchore.yml | 2 +- code-scanning/apisec-scan.yml | 2 +- code-scanning/brakeman.yml | 2 +- code-scanning/checkmarx.yml | 2 +- code-scanning/cloudrail.yml | 2 +- code-scanning/codacy.yml | 2 +- code-scanning/codeql.yml | 6 +++--- code-scanning/codescan.yml | 2 +- code-scanning/detekt.yml | 2 +- code-scanning/devskim.yml | 2 +- code-scanning/flawfinder.yml | 2 +- code-scanning/fortify.yml | 2 +- code-scanning/kubesec.yml | 2 +- code-scanning/mayhem-for-api.yml | 2 +- code-scanning/mobsf.yml | 2 +- code-scanning/msvc.yml | 2 +- code-scanning/njsscan.yml | 2 +- code-scanning/nowsecure.yml | 2 +- code-scanning/ossar.yml | 2 +- code-scanning/pmd.yml | 2 +- code-scanning/powershell.yml | 2 +- code-scanning/prisma.yml | 2 +- code-scanning/rubocop.yml | 2 +- code-scanning/securitycodescan.yml | 2 +- code-scanning/semgrep.yml | 2 +- code-scanning/shiftleft.yml | 2 +- code-scanning/snyk-container.yml | 2 +- code-scanning/snyk-infrastructure.yml | 2 +- code-scanning/synopsys-io.yml | 2 +- code-scanning/sysdig-scan.yml | 2 +- code-scanning/tfsec.yml | 2 +- code-scanning/trivy.yml | 2 +- code-scanning/veracode.yml | 2 +- code-scanning/xanitizer.yml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml index fcca708..66dd09f 100644 --- a/code-scanning/anchore.yml +++ b/code-scanning/anchore.yml @@ -40,6 +40,6 @@ jobs: image: "localbuild/testimage:latest" acs-report-enable: true - name: Upload Anchore Scan Report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml index 4737d06..5a9b751 100644 --- a/code-scanning/apisec-scan.yml +++ b/code-scanning/apisec-scan.yml @@ -64,6 +64,6 @@ jobs: # The name of the sarif format result file The file is written only if this property is provided. sarif-result-file: "apisec-results.sarif" - name: Import results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ./apisec-results.sarif diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index d0b25ac..f54f6e7 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -52,6 +52,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: output.sarif.json diff --git a/code-scanning/checkmarx.yml b/code-scanning/checkmarx.yml index d012bce..dc96cde 100644 --- a/code-scanning/checkmarx.yml +++ b/code-scanning/checkmarx.yml @@ -49,6 +49,6 @@ jobs: params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory # Upload the Report for CodeQL/Security Alerts - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: cx.sarif diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml index 00e270a..dd70bdf 100644 --- a/code-scanning/cloudrail.yml +++ b/code-scanning/cloudrail.yml @@ -50,7 +50,7 @@ jobs: cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 # Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always() # is needed to ensure the SARIF file is uploaded if: always() diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml index 4892930..6b0df9e 100644 --- a/code-scanning/codacy.yml +++ b/code-scanning/codacy.yml @@ -55,6 +55,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index 57b4b69..07b48e7 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/code-scanning/codescan.yml b/code-scanning/codescan.yml index 5886843..b87586c 100644 --- a/code-scanning/codescan.yml +++ b/code-scanning/codescan.yml @@ -37,6 +37,6 @@ jobs: organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: codescan.sarif diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml index a8610c3..505e31a 100644 --- a/code-scanning/detekt.yml +++ b/code-scanning/detekt.yml @@ -111,7 +111,7 @@ jobs: )" > ${{ github.workspace }}/detekt.sarif.json # Uploads results to GitHub repository using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: ${{ github.workspace }}/detekt.sarif.json diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 3a5c45f..a435448 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -29,6 +29,6 @@ jobs: uses: microsoft/DevSkim-Action@v1 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: devskim-results.sarif diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index 080953e..179d56f 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -33,6 +33,6 @@ jobs: output: 'flawfinder_results.sarif' - name: Upload analysis results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file diff --git a/code-scanning/fortify.yml b/code-scanning/fortify.yml index d67d194..1d37bc0 100644 --- a/code-scanning/fortify.yml +++ b/code-scanning/fortify.yml @@ -92,6 +92,6 @@ jobs: # Import Fortify on Demand results to GitHub Security Code Scanning - name: Import Results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ./gh-fortify-sast.sarif diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 1cad70c..ac7085e 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -36,6 +36,6 @@ jobs: exit-code: "0" - name: Upload Kubesec scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: kubesec-results.sarif \ No newline at end of file diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml index 59d66a0..94bdc4a 100644 --- a/code-scanning/mayhem-for-api.yml +++ b/code-scanning/mayhem-for-api.yml @@ -61,6 +61,6 @@ jobs: sarif-report: mapi.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: mapi.sarif diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml index d8eaa92..03aec53 100644 --- a/code-scanning/mobsf.yml +++ b/code-scanning/mobsf.yml @@ -37,6 +37,6 @@ jobs: args: . --sarif --output results.sarif || true - name: Upload mobsfscan report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml index 0abb409..078399f 100644 --- a/code-scanning/msvc.yml +++ b/code-scanning/msvc.yml @@ -53,7 +53,7 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml index a6da087..421aa31 100644 --- a/code-scanning/njsscan.yml +++ b/code-scanning/njsscan.yml @@ -36,6 +36,6 @@ jobs: with: args: '. --sarif --output results.sarif || true' - name: Upload njsscan report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/nowsecure.yml b/code-scanning/nowsecure.yml index 92126bd..161c786 100644 --- a/code-scanning/nowsecure.yml +++ b/code-scanning/nowsecure.yml @@ -47,6 +47,6 @@ jobs: group_id: {{ groupId }} # Update this to your desired Platform group ID - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: NowSecure.sarif diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml index b5aefa4..b3d5b39 100644 --- a/code-scanning/ossar.yml +++ b/code-scanning/ossar.yml @@ -44,6 +44,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/code-scanning/pmd.yml b/code-scanning/pmd.yml index 0604734..e4702d8 100644 --- a/code-scanning/pmd.yml +++ b/code-scanning/pmd.yml @@ -31,6 +31,6 @@ jobs: sourcePath: 'src/main/java' analyzeModifiedFilesOnly: false - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: pmd-report.sarif diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml index dfbf452..5252cf0 100644 --- a/code-scanning/powershell.yml +++ b/code-scanning/powershell.yml @@ -37,6 +37,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml index 5b11482..729cbac 100644 --- a/code-scanning/prisma.yml +++ b/code-scanning/prisma.yml @@ -48,7 +48,7 @@ jobs: # The service need to know the type of IaC being scanned template_type: 'CFT' - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 # Results are generated only on a success or failure # this is required since GitHub by default won't run the next step # when the previous one has failed. diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index 373d5b6..8f32c73 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -47,6 +47,6 @@ jobs: " - name: Upload Sarif output - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: rubocop.sarif diff --git a/code-scanning/securitycodescan.yml b/code-scanning/securitycodescan.yml index 3063c7a..471c216 100644 --- a/code-scanning/securitycodescan.yml +++ b/code-scanning/securitycodescan.yml @@ -38,4 +38,4 @@ jobs: uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687 - name: Upload sarif - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml index f99d441..f88ad21 100644 --- a/code-scanning/semgrep.yml +++ b/code-scanning/semgrep.yml @@ -42,7 +42,7 @@ jobs: # Upload SARIF file generated in previous step - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: semgrep.sarif if: always() diff --git a/code-scanning/shiftleft.yml b/code-scanning/shiftleft.yml index 48b86d3..552bc99 100644 --- a/code-scanning/shiftleft.yml +++ b/code-scanning/shiftleft.yml @@ -42,6 +42,6 @@ jobs: # type: python - name: Upload report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: reports diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml index 8ff2c9a..d0a95bf 100644 --- a/code-scanning/snyk-container.yml +++ b/code-scanning/snyk-container.yml @@ -43,6 +43,6 @@ jobs: image: your/image-to-test args: --file=Dockerfile - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif diff --git a/code-scanning/snyk-infrastructure.yml b/code-scanning/snyk-infrastructure.yml index b79bf34..ee4723d 100644 --- a/code-scanning/snyk-infrastructure.yml +++ b/code-scanning/snyk-infrastructure.yml @@ -42,6 +42,6 @@ jobs: # or `main.tf` for a Terraform configuration file file: your-file-to-test.yaml - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml index 0c1ff16..e320303 100644 --- a/code-scanning/synopsys-io.yml +++ b/code-scanning/synopsys-io.yml @@ -71,7 +71,7 @@ jobs: - name: Upload SARIF file if: ${{steps.prescription.outputs.sastScan == 'true' }} - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: workflowengine-results.sarif.json diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml index f9b29fc..0b5af83 100644 --- a/code-scanning/sysdig-scan.yml +++ b/code-scanning/sysdig-scan.yml @@ -54,7 +54,7 @@ jobs: # Sysdig inline scanner requires privileged rights run-as-user: root - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 #Upload SARIF file if: always() with: diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml index 479f713..275bf45 100644 --- a/code-scanning/tfsec.yml +++ b/code-scanning/tfsec.yml @@ -32,7 +32,7 @@ jobs: sarif_file: tfsec.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: tfsec.sarif diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml index 3d5373f..3bb0b1c 100644 --- a/code-scanning/trivy.yml +++ b/code-scanning/trivy.yml @@ -42,6 +42,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' diff --git a/code-scanning/veracode.yml b/code-scanning/veracode.yml index 073d1b6..c764551 100644 --- a/code-scanning/veracode.yml +++ b/code-scanning/veracode.yml @@ -51,7 +51,7 @@ jobs: uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be with: pipeline-results-json: results.json - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: veracode-results.sarif diff --git a/code-scanning/xanitizer.yml b/code-scanning/xanitizer.yml index dc3c9ce..ec0019a 100644 --- a/code-scanning/xanitizer.yml +++ b/code-scanning/xanitizer.yml @@ -87,6 +87,6 @@ jobs: *-Findings-List.sarif # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: sarif_file: Xanitizer-Findings-List.sarif