diff --git a/.github/workflows/e2e_test_reusable.yml b/.github/workflows/e2e_test_reusable.yml
index 21f82df56c..4ea6b5e4da 100644
--- a/.github/workflows/e2e_test_reusable.yml
+++ b/.github/workflows/e2e_test_reusable.yml
@@ -69,7 +69,7 @@ jobs:
 # Upload Cypress screenshots as artifact if a test fails
 - name: Upload screenshots if failure
 if: failure() # This step will run only if the previous step fails
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
 with:
 path: frontend/cypress/${{ steps.get-filename.outputs.TEST_FILE }}/screenshots # Update this path based on your project structure
 name: cypress-screenshots
@@ -84,7 +84,7 @@ jobs:
 # Upload logs as artifact
 - name: Upload logs as artifact
 if: always() # Ensure this runs, even if E2E fails
- uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
 with:
 # Set the path to the log file
 path: full-stack-logs-${{ steps.get-filename.outputs.TEST_FILE }}.log
diff --git a/.github/workflows/nightly_scans.yml b/.github/workflows/nightly_scans.yml
index 1d7a2d49f4..ba419ee43c 100644
--- a/.github/workflows/nightly_scans.yml
+++ b/.github/workflows/nightly_scans.yml
@@ -34,6 +34,6 @@ jobs:
 uses: SvanBoxel/zaproxy-to-ghas@cfc77481d74a17a4c3d6b753aa9d7abef453d501 # v1.0.2
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3
+ uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/security_codeql.yml b/.github/workflows/security_codeql.yml
index 9542eeee5c..bb6f6cc001 100644
--- a/.github/workflows/security_codeql.yml
+++ b/.github/workflows/security_codeql.yml
@@ -22,7 +22,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3
+ uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3
 with:
 languages: javascript, python
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -33,4 +33,4 @@ jobs:
 queries: +security-extended
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3
+ uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3
diff --git a/.github/workflows/security_semgrep.yml b/.github/workflows/security_semgrep.yml
index 6d8d740976..665dbbd070 100644
--- a/.github/workflows/security_semgrep.yml
+++ b/.github/workflows/security_semgrep.yml
@@ -9,7 +9,7 @@ jobs:
 name: Semgrep Analyze
 runs-on: ubuntu-latest
 container:
- image: returntocorp/semgrep@sha256:975ed25baee7baa0d224bebb981a628b3ed6c9c2ddd04b47524220939c4b7fb2 # 1.47.0
+ image: returntocorp/semgrep@sha256:eef3647dcf3036badb162c491756a7a95bc551b94ae5e9cac08bd22d2cb822ef # 1.47.0
 steps:
 - name: Checkout
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
@@ -25,7 +25,7 @@ jobs:
 SEMGREP_RULES: "p/default"
 - name: Upload SARIF file for GitHub Advanced Security Dashboard
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3
+ uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3
 with:
 sarif_file: ${{ env.SEMGREP_TO_UPLOAD }}
 if: always()
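Review bot: In the first hunk of security_semgrep.yml the `image:` digest changes while the trailing `# 1.47.0` comment stays the same, so after this commit the comment no longer tells a reader which Semgrep release the pin resolves to. Because the reference carries no tag, an update bot presumably follows whatever the registry's default tag points at, and the new digest may belong to a different release; that cannot be confirmed from the diff. I would check the new digest against the registry and correct the comment, or carry the tag in the reference so tag and digest move together, `image: returntocorp/semgrep:<tag>@sha256:<digest>`. The job definition continues outside the hunk.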