|
|
@@ -30,11 +30,11 @@ jobs:
|
|
|
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
|
with:
|
|
|
persist-credentials: false
|
|
|
- - uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
|
|
|
+ - uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
|
|
|
with:
|
|
|
languages: ${{ matrix.language }}
|
|
|
- - uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
|
|
|
- - uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
|
|
|
+ - uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
|
|
|
+ - uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
|
|
|
|
|
|
grype:
|
|
|
runs-on: ubuntu-latest
|
|
|
@@ -46,13 +46,13 @@ jobs:
|
|
|
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
|
with:
|
|
|
persist-credentials: false
|
|
|
- - uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
|
|
|
+ - uses: anchore/scan-action@62b74fb7bb810d2c45b1865f47a77655621862a5 # v7.2.3
|
|
|
id: scan
|
|
|
with:
|
|
|
path: "."
|
|
|
fail-build: true
|
|
|
severity-cutoff: critical
|
|
|
- - uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
|
|
|
+ - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
|
|
|
with:
|
|
|
sarif_file: ${{ steps.scan.outputs.sarif }}
|
|
|
|
|
|
@@ -73,7 +73,7 @@ jobs:
|
|
|
- name: Run govulncheck
|
|
|
run: |
|
|
|
govulncheck -C . -format sarif ./... > results.sarif
|
|
|
- - uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
|
|
|
+ - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
|
|
|
with:
|
|
|
sarif_file: results.sarif
|
|
|
|
dependabot[bot]