Josh Soref
545832af8b
Setup-Dotnet: Update all workflows to Setup-Dotnet V4
2024-04-25 14:27:37 -04:00
Dan Rigby
8ff5c7e7bb
Merge branch 'main' into bump-actions
2024-04-25 12:51:52 -04:00
mponaws
ac9c407320
Add starter-workflows for Policy Validator (#2375)
...
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator, removed references to GitHub secrets & S3 to keep it simple
2024-04-18 14:39:17 -05:00
Marco Gario
a3194f5b47
Update CodeQL workflow to use packages:read permission.
...
Co-authored-by: Anders Starcke Henriksen <starcke@github.com>
2024-04-11 09:42:21 +02:00
Rex P
ca5bcdc693
Add OSV-Scanner code scanning workflow (#2350)
...
* Add OSV-Scanner code scanning workflow
* Update code-scanning/osv-scanner.yml
Co-authored-by: Alexis Abril <alexisabril@github.com>
---------
Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-04-09 22:21:33 -05:00
Josh Soref
cd4b67d0b4
Checkout: Update all workflows to use Checkout V4
2024-04-05 15:29:37 -04:00
Issy Long
31a3e00dab
codeql: Clarify that hosted larger runners only exist on GHEC
...
- Part of https://github.com/github/code-scanning/issues/13748 .
2024-04-03 10:23:11 +01:00
SOOS-GSteen
efd31e5f0f
update soos dash action commit hash / sarif action version / logo (#2317)
...
* Update soos-dast-scan.yml
* Update soos-dast-scan.yml
* Update soos.svg
* Update code-scanning/soos-dast-scan.yml
Co-authored-by: Alexis Abril <alexisabril@github.com>
---------
Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-04-01 15:11:05 -05:00
Spencer Schrock
4620c76b38
update Scorecard Action hashes and version comments (#2348)
...
* update action hashes and version comments
ossf/scorecard-action v2.1.2 is old and doesn't work after a Sigstore
change. https://blog.sigstore.dev/tuf-root-update/
Signed-off-by: Spencer Schrock <sschrock@google.com>
* downgrade actions/upload-artifact to node20 version of v3
dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so
use that so it can upgrade the comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* upgrade github/codeql-action/upload-sarif to v3.24.9
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-03-27 13:25:03 -07:00
Andreas Deininger
831e9cb8e4
Bump workflow actions of various starter files (#2210)
2024-03-27 10:51:41 -07:00
Marco Gario
fdbad9c74f
Update codeql.yml
...
links to docs
2024-03-26 13:45:32 +01:00
Marco Gario
97c6254b5e
Merge branch 'main' into update_codeql_template
2024-03-26 13:35:12 +01:00
Marco Gario
aad9272438
Update codeql.yml
...
Limit matrix information in the job name to language by default
2024-03-26 13:18:17 +01:00
Chad Bentz
03277899f0
tfsec latest v0.1.4 (#2318)
2024-03-06 15:46:46 -06:00
Marco Gario
4a8c4e08b0
Update code-scanning/codeql.yml
...
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-02-19 15:57:02 +01:00
Marco Gario
8a973982d1
Update code-scanning/codeql.yml
...
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-02-19 15:54:06 +01:00
Marco Gario
05e4581159
Update codeql.yml with new build-mode
2024-02-15 09:01:39 +01:00
Jon Janego
8aab15dd49
Update code-scanning/dependency-review.yml
...
begone, whitespace
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2024-02-07 09:06:01 -06:00
Jon Janego
ba9d3788e4
Changing default behavior to include comment summary in PR
...
also gave the workflow the appropriate permissions required, pull-requests: write
2024-02-06 12:55:25 -06:00
SOOS-GSteen
6e4aae97ef
soos-dast-scan.yml update (#2240)
...
* Update soos-dast-scan.yml
* use major version syntax
* code review
* lint
* Update soos-dast-scan.yml
2024-02-06 10:44:04 -06:00
Jon Janego
cea0111003
Update dependency-review.yml
...
removing extra whitespace
2024-01-29 14:38:17 -06:00
Chris Campbell
e67682c31c
Add perms for comment-summary-in-pr
2024-01-29 10:09:37 +00:00
Chris Campbell
a6ab3d3f95
Update dependency-review.yml
2024-01-29 09:05:18 +00:00
Chris Campbell
f9970771a8
Update dependency-review-action to v4
2024-01-29 08:47:36 +00:00
Chris Campbell
0d8fa6f490
Add $protected-branches to pull_request target
2024-01-26 09:03:10 +00:00
Chris Campbell
0239269003
Update to match standards in actions/starter-workflows/.../pull_request_template.md
2024-01-26 09:03:10 +00:00
Chris Campbell
aa49bd3095
Tidy up comments
2024-01-26 09:03:10 +00:00
Chris Campbell
11f5772f81
Update dependency-review.yml
2024-01-26 09:03:10 +00:00
Andrew Eisenberg
42326d0804
Clarify permissions on codeql-action starter
2024-01-09 12:22:16 -08:00
lsynopsys
4f4ef4e030
Synopsys Action's starter workflow (#2234)
...
* Synopsys action starter workflow
* Synopsys action - Address review comments
* Synopsys action - Address review comments 2
* Addressed review comments
* Fixed review comments
* Parameter changes accommodation
---------
Co-authored-by: kishorikumar <104522232+kishorikumar@users.noreply.github.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>
2023-12-22 12:11:56 -06:00
Nick Fyson
3cb56ae6f3
update codeql.yml to reference node20 actions
2023-12-14 12:21:29 +00:00
Marco Gario
d4b398cf2d
Include protected branches in PR analyses
2023-12-04 10:24:28 +01:00
Philip Hayton
16ea338f2a
fix: bearer does not upload sarif report (#2178)
...
* fix: bearer does not upload sarif report
When issues are found the exit code is non-zero and so the github action aborts before uploading the sarif report.
This change fixes that issue.
* chore: update bearer.yml following review
---------
Co-authored-by: Cédric Fabianski <cfabianski@me.com>
Co-authored-by: Cédric Fabianski <cedric@bearer.com>
2023-11-22 16:01:57 -06:00
Isabelle
c6c44522f3
Update to latest audit code version (#2209)
...
* Update to latest audit code version
* Fix Description
* Fix extra space in comments
2023-11-13 11:49:29 -06:00
David Verdeguer
61f8558b81
Update codeql.yml
2023-10-03 07:40:34 +02:00
Cédric Fabianski
9744b8f3b5
feat: add Bearer code scanning option
2023-07-17 15:30:33 +02:00
James M. Greene
0720e7f4d0
Merge branch 'main' into main
2023-07-13 11:00:22 -05:00
James M. Greene
652258c72a
Bump frogbot to v2.10.0
2023-07-13 11:00:03 -05:00
James M. Greene
257b26fcde
Merge branch 'main' into patch-3
2023-07-13 10:53:32 -05:00
James M. Greene
f186f33e75
Merge branch 'main' into patch-4
2023-07-13 09:43:51 -05:00
James M. Greene
ec351ca4a9
Delete trailing whitespace
2023-07-13 09:39:44 -05:00
James M. Greene
bbb14beb4a
Merge branch 'main' into patch-2
2023-07-13 09:37:46 -05:00
James M. Greene
d0ceca4fea
Compress the comment
2023-07-13 09:36:51 -05:00
delarea
c4caf17ee5
Update latest commit
2023-07-03 17:30:23 +03:00
Chad Bentz
2402be0dd2
Update code-scanning/codeql.yml
...
Co-authored-by: Nick Liffen <nickliffen@github.com>
2023-06-15 16:46:40 -04:00
Jamie Scott
03ce4e088f
Fix Linter Issues
2023-06-15 10:36:30 -07:00
Jamie Scott
ebf081c724
Merge branch 'main' into js/endorlabs-update
2023-06-15 09:17:45 -07:00
Jamie Scott
6da5a650b9
Update case and spacing
2023-06-15 09:13:08 -07:00
Jamie Scott
c6e2cb88e6
Add comments header
2023-06-15 09:11:51 -07:00
Jonathan Tamsut
768f356939
Merge branch 'main' into psalm-starter-workflow
2023-06-14 11:20:12 -07:00