* Update Fortify logo
* Update fortify workflow
Update positioning, GitHub action versions, Java version and add in Debricked packaging support
* Update fortify.properties.json
Update languages and creator
* Update fortify.yml
Update triggers based on latest starter workflow guidelines
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/properties/fortify.properties.json
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update fortify.yml
* Update fortify.properties.json
* Update fortify.yml
Update starter workflow to use new unified Fortify AST Action
* Update fortify.yml
* Update fortify.yml
* Update fortify.yml
Refine workflow comments
* Update fortify.yml
Bump checkout action version
* Update fortify.yml
* Update fortify.yml
* Update fortify.yml
One final clean up
* Update fortify.properties.json
* Update fortify.yml
* Update fortify.yml
* Update fortify.properties.json
Update with support for Bicep and Solidity
* Update fortify.properties.json
Uppercase "Solidity" for consistency
* Change v1 to commit hash
---------
Co-authored-by: James M. Greene <JamesMGreene@github.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator, removed references to GitHub secrets & S3 to keep it simple
* update action hashes and version comments
ossf/scorecard-action v2.1.2 is old and doesn't work after a Sigstore
change. https://blog.sigstore.dev/tuf-root-update/
Signed-off-by: Spencer Schrock <sschrock@google.com>
* downgrade actions/upload-artifact to node20 version of v3
dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so
use that so it can upgrade the comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* upgrade github/codeql-action/upload-sarif to v3.24.9
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>
* fix: bearer does not upload sarif report
When issues are found the exit code is non-zero and so the GitHub action aborts before uploading the SARIF report.
This change fixes that issue.
* chore: update bearer.yml following review
---------
Co-authored-by: Cédric Fabianski <cfabianski@me.com>
Co-authored-by: Cédric Fabianski <cedric@bearer.com>