597 Commits

Author SHA1 Message Date
Nagarjun Sanji ab2a8c2716 Merge branch 'actions:main' into main 2025-12-01 16:18:07 +05:30
Mario Campos 43f0e19226 Add name to manual build step in CodeQL starter workflow 2025-10-09 13:42:49 -05:00
Mario Campos 69b278ad65 Update CodeQL action versions to v4 in workflow configuration 2025-10-07 10:11:06 -05:00
Konrad Pabjan 0d93bc2a4f Merge branch 'main' into scorecard-bug-fix 2025-03-25 16:52:46 -04:00
Ruud Senden 7525cf0deb Merge branch 'main' into fortify-20241106 2025-03-17 22:58:26 +01:00
Ruud Senden dd84e34b8d Update to latest published action version 2025-03-17 22:57:43 +01:00
Chad Bentz c95135c3f9 Merge branch 'main' into patch-5 2025-03-05 01:28:16 -05:00
Spencer Schrock 4a5b4939a6 add future looking pull_request event to conditional
Scorecard currently has experimental support for the `pull_request`
trigger, so we want to allow analysis to be run for it in the future.

Signed-off-by: Spencer Schrock <sschrock@google.com>
2025-02-24 11:32:33 -07:00
Josh Soref 41e00af395 Limit scorecard to default branch
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-02-24 11:32:28 -07:00
Spencer Schrock f70f9c8252 bump action versions to latest to resolve issues
1. Scorecard update v2.4.1 was released, which includes months of bug
   fixes and a new `file_mode` input to address a .gitattributes bug.
2. Bumped actions/upload-artifact to the v4 branch. This was previously
   kept at v3 as GHES doesn't support v4, but github.com no longer
   supports v3, as uploads return the following error: "Create Artifact
   Container failed: The artifact name JSON file is not valid."

Signed-off-by: Spencer Schrock <sschrock@google.com>
2025-02-24 11:27:23 -07:00
Sadman Anik fcdc1287fc Fixed Linting Issues 2025-02-10 11:43:15 +06:00
Sadman Anik 345594d7f5 Updated actions/checkout v3 to v4 2025-02-07 14:47:21 +06:00
Sadman Anik 5969febe64 Resolved reviewed comments 2025-02-05 13:47:33 +06:00
Sadman Anik 51a27e7024 Merge branch 'main' into main 2025-02-04 16:17:52 +06:00
Chad Bentz 7db00754dc Code Scanning: bandit to latest hash
ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd
2025-02-03 15:12:05 -05:00
Andrew Eisenberg adcb922ec2 Make the example setup more explicit. 2025-01-30 16:50:30 -08:00
Sadman Anik 1de3a149b3 Update black-duck-security-scan-ci.yml 2025-01-30 13:48:02 +06:00
Andrew Eisenberg 7398b4eca4 Remove trailing whitespace 2025-01-29 15:39:32 -08:00
Andrew Eisenberg 2abfcee18d Update codeql.yml
Explicitly suggest that users add their setup steps before calling init.
2025-01-29 14:23:54 -08:00
Sadman Anik 56844b15c7 Merge branch 'main' into main 2025-01-28 12:45:05 +06:00
SOOS-GSteen 9085976703 SOOS Dast Feature Update (#2733)
* Update soos-dast-scan.yml

* Update soos-dast-scan.yml

* Update soos-dast-scan.yml
2025-01-23 18:15:51 -06:00
Josh Gross 1e05f3c86d Update starter workflows to use the latest artifact actions (#2726)
* Update starter workflows to use the latest artifact actions

* Ensure incompatible artifact actions aren't synced to GHES
2025-01-21 15:06:02 -05:00
Oscar Reimer c8284a423c Update debricked.yml
Update debricked.yml to use latest version debricked/actions
2025-01-16 14:03:53 +01:00
Beth Brennan 3cd0650576 Merge branch 'main' into bump-actions 2025-01-14 13:13:27 -05:00
Josh Soref 95a3224907 Remove stray -
Co-authored-by: Beth Brennan <34719884+elbrenn@users.noreply.github.com>
2025-01-13 20:52:25 -05:00
Beth Brennan e1deb63e94 Merge branch 'main' into ubuntu-latest 2025-01-13 12:52:40 -05:00
Josh Soref be1cddbe1d Checkout: Update all workflows to use Checkout V4 2025-01-06 09:43:57 -05:00
Sadman Anik 84747ed355 Used hash instead of tag name 2024-12-23 16:49:39 +06:00
Sadman Anik 4a84ccf8e0 Added black duck security scan action template 2024-12-18 18:07:23 +06:00
Ruud Senden 0486897d48 Update action version, update comment 2024-11-22 14:24:04 +01:00
Ruud Senden 1c6c18c8ea Remove trailing spaces 2024-11-08 11:31:30 +01:00
Ruud Senden 196973618e Remove trailing spaces 2024-11-08 11:30:15 +01:00
Ruud Senden 4cbe5359f3 Update Fortify starter workflow 2024-11-08 11:18:15 +01:00
Ilya Khivrich 7f50c70218 pass token over stdin, add security to properties 2024-10-22 11:53:35 +03:00
Ilya Khivrich 09fa3b9723 add jfrog-sast flow 2024-10-21 23:01:52 +03:00
ginilpg 666350e29b Added appknox.yml for code scanning (#2498)
Create appknox.json

Create appknox.svg

Update appknox.json

Update appknox.svg

Rename appknox.json to appknox.properties.json

Update appknox.yml

Update appknox.yml

Update appknox.properties.json

Formatting yml

Removed preview mode from appknox scanner

Removed preview mode from appknox scanner

Add Appknox starter workflow (#2447)

* Added appknox.yml for code scanning

* Create appknox.json

* Create appknox.svg

* Update appknox.json

* Update appknox.svg

* Rename appknox.json to appknox.properties.json

* Update appknox.yml

* Update appknox.yml

* Update appknox.properties.json

* Formatting yml

removed preview mode

removed preview mode

precommit lint
2024-09-17 13:50:21 -05:00
Andrew Eisenberg dea60ba593 Update code-scanning/eslint.yml 2024-09-11 11:12:06 -07:00
Andrew Eisenberg 9d2ae7c028 Update appknox.yml
Fix more whitespace issues.
2024-09-10 11:50:28 -07:00
Andrew Eisenberg ddb47be888 Update appknox.yml
Fix linting errors (remove whitespace).
2024-09-10 11:46:17 -07:00
Andrew Eisenberg 53980cb868 Update eslint.yml
Ensure suppressed warnings don't make it into the SARIF.
2024-09-10 11:10:00 -07:00
ginilpg 9db23a2437 Add Appknox starter workflow (#2447)
* Added appknox.yml for code scanning

* Create appknox.json

* Create appknox.svg

* Update appknox.json

* Update appknox.svg

* Rename appknox.json to appknox.properties.json

* Update appknox.yml

* Update appknox.yml

* Update appknox.properties.json

* Formatting yml
2024-09-10 09:41:53 -05:00
Chad Bentz 6ac176a96e CodeQL - Add unique name vs default setup 2024-08-23 10:49:57 -04:00
Ian Lynagh ba125834f1 CodeQL: Remove Swift 2h timeout
Spurious intermittent timeouts are no longer expected on Swift.
2024-08-20 12:06:59 +01:00
Michael Chernov 83b6e98d43 Add Debricked starter workflow (#2107)
* Add Debricked starter workflow

* Add permissions section

* Remove schedule

* Fix review comments

---------

Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-08-16 10:16:20 -05:00
SOOS-GSteen af1bbdc430 Update soos-dast-scan.yml hash (#2466)
* Update soos-dast-scan.yml

* Update soos-dast-scan.yml

* Update soos-dast-scan.yml

* Update soos-dast-scan.yml
2024-08-16 10:10:57 -05:00
Josh Soref a5047545ff Ubuntu-Latest: Update all workflows to use ubuntu-latest 2024-08-06 01:11:49 -04:00
Jacob Wallraff 81a51b81d8 Merge branch 'main' into main 2024-08-01 14:50:04 -07:00
Jacob Wallraff aa685e127e Merge branch 'main' into bump-frogbot 2024-07-31 16:58:12 -07:00
Jacob Wallraff e1c2a477dd Merge branch 'main' into bump-actions-upload-sarif 2024-07-30 10:41:29 -07:00
Jacob Wallraff 1e293eebe5 Merge branch 'main' into bump-actions-setup-node 2024-07-30 10:38:56 -07:00