starter-workflows/code-scanning
Spencer Schrock 4620c76b38 update Scorecard Action hashes and version comments (#2348)
* update action hashes and version comments

ossf/scorecard-action v2.1.2 is old and doesn't work after a Sigstore
change. https://blog.sigstore.dev/tuf-root-update/

Signed-off-by: Spencer Schrock <sschrock@google.com>

* downgrade actions/upload-artifact to node20 version of v3

dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so
use that so it can upgrade the comment

Signed-off-by: Spencer Schrock <sschrock@google.com>

* upgrade github/codeql-action/upload-sarif to v3.24.9

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-03-27 13:25:03 -07:00

Code Scanning Workflows

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Before you can configure code scanning for a repository, you must enable code scanning by adding a GitHub Actions workflow to the repository. For more information, see Setting up code scanning for a repository.