* Update Fortify logo
* Update fortify workflow
Update positioning, Github action versions, Java version and add in Debricked packaging support
* Update fortify.properties.json
Update languages and creator
* Update fortify.yml
Update triggers based on latest starter workflow guidelines
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/properties/fortify.properties.json
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update fortify.yml
* Update fortify.properties.json
* Update fortify.yml
Update starter workflow to use new unified Fortify AST Action
* Update fortify.yml
* Update fortify.yml
* Update fortify.yml
Refine workflow comments
* Update fortify.yml
Bump checkout action version
* Update fortify.yml
* Update fortify.yml
* Update fortify.yml
One final clean up
* Update fortify.properties.json
* Update fortify.yml
* Update fortify.yml
* Update fortify.properties.json
Update with support for Bicep and Solidity
* Update fortify.properties.json
Uppercase "Solidity" for consistency
* Change v1 to commit hash
---------
Co-authored-by: James M. Greene <JamesMGreene@github.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator, removed references to GitHub secrets & S3 to keep it simple
Simplifying the CODEOWNERS file to allow respective teams the capabilities to manage PRs as responsibilities have been updated recently. In the short term, this will add notifications to folks for each team.
* update action hashes and version comments
ossf/scorecard-action v2.1.2 is old and doesnt work after a Sigstore
change. https://blog.sigstore.dev/tuf-root-update/
Signed-off-by: Spencer Schrock <sschrock@google.com>
* downgrade actions/upload-artifact to node20 version of v3
dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so
use that so it can upgrade the comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* upgrade github/codeql-action/upload-sarif to v3.24.9
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>