* Update Fortify logo
* Update fortify workflow
Update positioning, Github action versions, Java version and add in Debricked packaging support
* Update fortify.properties.json
Update languages and creator
* Update fortify.yml
Update triggers based on latest starter workflow guidelines
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/properties/fortify.properties.json
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update code-scanning/fortify.yml
Co-authored-by: James M. Greene <JamesMGreene@github.com>
* Update fortify.yml
* Update fortify.properties.json
* Update fortify.yml
Update starter workflow to use new unified Fortify AST Action
* Update fortify.yml
* Update fortify.yml
* Update fortify.yml
Refine workflow comments
* Update fortify.yml
Bump checkout action version
* Update fortify.yml
* Update fortify.yml
* Update fortify.yml
One final clean up
* Update fortify.properties.json
* Update fortify.yml
* Update fortify.yml
* Update fortify.properties.json
Update with support for Bicep and Solidity
* Update fortify.properties.json
Uppercase "Solidity" for consistency
* Change v1 to commit hash
---------
Co-authored-by: James M. Greene <JamesMGreene@github.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator
* Add starter-workflows for Policy Validator, removed references to GitHub secrets & S3 to keep it simple
* update action hashes and version comments
ossf/scorecard-action v2.1.2 is old and doesnt work after a Sigstore
change. https://blog.sigstore.dev/tuf-root-update/
Signed-off-by: Spencer Schrock <sschrock@google.com>
* downgrade actions/upload-artifact to node20 version of v3
dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so
use that so it can upgrade the comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* upgrade github/codeql-action/upload-sarif to v3.24.9
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>