From 145cc00ea60e3605ef3051634824777b599db601 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 12 Jun 2024 18:37:36 +0000
Subject: [PATCH] chore(deps): update github/codeql-action action to v3
---
 .github/workflows/anchore.yml | 2 +-
 .github/workflows/apisec-scan.yml | 2 +-
 .github/workflows/brakeman.yml | 2 +-
 .github/workflows/checkmarx.yml | 2 +-
 .github/workflows/clj-holmes.yml | 2 +-
 .github/workflows/clj-watson.yml | 2 +-
 .github/workflows/codacy.yml | 2 +-
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/codescan.yml | 2 +-
 .github/workflows/codescaner-analysis.yml | 2 +-
 .github/workflows/detekt.yml | 2 +-
 .github/workflows/devskim.yml | 2 +-
 .github/workflows/eslint.yml | 2 +-
 .github/workflows/fortify.yml | 2 +-
 .github/workflows/hadolint.yml | 2 +-
 .github/workflows/kubesec.yml | 2 +-
 .github/workflows/mayhem-for-api.yml | 2 +-
 .github/workflows/mobsf.yml | 2 +-
 .github/workflows/njsscan.yml | 2 +-
 .github/workflows/nowsecure.yml | 2 +-
 .github/workflows/ossar-analysis.yml | 2 +-
 .github/workflows/ossar.yml | 2 +-
 .github/workflows/pmd.yml | 2 +-
 .github/workflows/powershell.yml | 2 +-
 .github/workflows/rubocop.yml | 2 +-
 .github/workflows/rust-clippy.yml | 2 +-
 .github/workflows/scorecards.yml | 2 +-
 .github/workflows/securitycodescan.yml | 2 +-
 .github/workflows/semgrep.yml | 2 +-
 .github/workflows/snyk-container.yml | 2 +-
 .github/workflows/snyk-infrastructure.yml | 2 +-
 .github/workflows/sobelow.yml | 2 +-
 .github/workflows/synopsys-io.yml | 2 +-
 .github/workflows/sysdig-scan.yml | 2 +-
 .github/workflows/tfsec.yml | 2 +-
 .github/workflows/trivy.yml | 2 +-
 .github/workflows/veracode.yml | 2 +-
 .github/workflows/xanitizer.yml | 2 +-
 38 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
index 878adc4..bf95a2d 100644
--- a/.github/workflows/anchore.yml
+++ b/.github/workflows/anchore.yml
@@ -40,6 +40,6 @@ jobs:
 image: "localbuild/testimage:latest"
 acs-report-enable: true
 - name: Upload Anchore Scan Report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml
index 5d2d47b..4bde9a2 100644
--- a/.github/workflows/apisec-scan.yml
+++ b/.github/workflows/apisec-scan.yml
@@ -64,6 +64,6 @@ jobs:
 # The name of the sarif format result file The file is written only if this property is provided.
 sarif-result-file: "apisec-results.sarif"
 - name: Import results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ./apisec-results.sarif
diff --git a/.github/workflows/brakeman.yml b/.github/workflows/brakeman.yml
index 207ce9c..bf1061a 100644
--- a/.github/workflows/brakeman.yml
+++ b/.github/workflows/brakeman.yml
@@ -52,6 +52,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: output.sarif.json
diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
index 1138db3..3c9a385 100644
--- a/.github/workflows/checkmarx.yml
+++ b/.github/workflows/checkmarx.yml
@@ -49,6 +49,6 @@ jobs:
 params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
 # Upload the Report for CodeQL/Security Alerts
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: cx.sarif
diff --git a/.github/workflows/clj-holmes.yml b/.github/workflows/clj-holmes.yml
index 480f215..d98e080 100644
--- a/.github/workflows/clj-holmes.yml
+++ b/.github/workflows/clj-holmes.yml
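Review bot: The bumped `uses:` lines still reference the action by a mutable major tag (`github/codeql-action/upload-sarif@v3`), here and in every other workflow hunk of this patch except scorecards.yml, which pins the same action to a full commit SHA with a version comment. A tag can be moved after this commit is reviewed, so the code these security-scan jobs execute is not fixed by what is merged. Pinning the same way scorecards.yml does, `uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9`, would make the reference immutable. The jobs' `permissions:` blocks are outside these hunks, so the token scope available to the action cannot be checked from here.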
@@ -37,7 +37,7 @@ jobs:
 fail-on-result: 'false'
 - name: Upload analysis results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
 ait-for-processing: true
diff --git a/.github/workflows/clj-watson.yml b/.github/workflows/clj-watson.yml
index 20c0564..e23fbfd 100644
--- a/.github/workflows/clj-watson.yml
+++ b/.github/workflows/clj-watson.yml
@@ -47,7 +47,7 @@ jobs:
 fail-on-result: false
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{github.workspace}}/clj-watson-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index bca5600..df47fe5 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -55,6 +55,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e84ec2c..eb721b2 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
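Review bot: The last context line of the clj-holmes.yml hunk reads `ait-for-processing: true`, which looks like a misspelling of the `wait-for-processing` input that the clj-watson.yml hunk passes to the same action. If the file really contains this spelling, and it is not an artifact of how the patch was rendered, the key does not match the input name used elsewhere and the intended setting is not being passed. The line should read `wait-for-processing: true`.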
@@ -56,7 +56,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 # ℹī¸ Command-line programs to run using the OS shell.
 # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,7 +69,7 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
 - name: Upload coverage reports to Codecov
 uses: codecov/codecov-action@v3
 env:
diff --git a/.github/workflows/codescan.yml b/.github/workflows/codescan.yml
index 79006ad..edb1100 100644
--- a/.github/workflows/codescan.yml
+++ b/.github/workflows/codescan.yml
@@ -43,6 +43,6 @@ jobs:
 organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
 projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: codescan.sarif
diff --git a/.github/workflows/codescaner-analysis.yml b/.github/workflows/codescaner-analysis.yml
index 2804ef6..d067baf 100644
--- a/.github/workflows/codescaner-analysis.yml
+++ b/.github/workflows/codescaner-analysis.yml
@@ -32,6 +32,6 @@ jobs:
 organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
 projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: codescan.sarif
diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml
index d42c42c..42b63c9 100644
--- a/.github/workflows/detekt.yml
+++ b/.github/workflows/detekt.yml
@@ -111,7 +111,7 @@ jobs:
 )" > ${{ github.workspace }}/detekt.sarif.json
 # Uploads results to GitHub repository using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: ${{ github.workspace }}/detekt.sarif.json
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index 417f182..badc040 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -29,7 +29,7 @@ jobs:
 uses: microsoft/DevSkim-Action@v1
 - name: Upload DevSkim scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: devskim-results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index 22b9c5d..75cc9e0 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -43,7 +43,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: eslint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index b399e52..cf316ec 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -93,6 +93,6 @@ jobs:
 # Import Fortify on Demand results to GitHub Security Code Scanning
 - name: Import Results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ./gh-fortify-sast.sarif
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
index cca782c..0e9bb17 100644
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -41,7 +41,7 @@ jobs:
 no-fail: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: hadolint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/kubesec.yml b/.github/workflows/kubesec.yml
index 552dddc..dd35fb8 100644
--- a/.github/workflows/kubesec.yml
+++ b/.github/workflows/kubesec.yml
@@ -36,6 +36,6 @@ jobs:
 exit-code: "0"
 - name: Upload Kubesec scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: kubesec-results.sarif
diff --git a/.github/workflows/mayhem-for-api.yml b/.github/workflows/mayhem-for-api.yml
index 8dc3181..ab73c5d 100644
--- a/.github/workflows/mayhem-for-api.yml
+++ b/.github/workflows/mayhem-for-api.yml
@@ -61,6 +61,6 @@ jobs:
 sarif-report: mapi.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: mapi.sarif
diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml
index d077ba3..80eb1f3 100644
--- a/.github/workflows/mobsf.yml
+++ b/.github/workflows/mobsf.yml
@@ -37,7 +37,7 @@ jobs:
 args: . --sarif --output results.sarif || true
 - name: Upload mobsfscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 95d7d9f..779f2ad 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -36,7 +36,7 @@ jobs:
 with:
 args: '. --sarif --output results.sarif || true'
 - name: Upload njsscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/nowsecure.yml b/.github/workflows/nowsecure.yml
index edfeaab..9ba601d 100644
--- a/.github/workflows/nowsecure.yml
+++ b/.github/workflows/nowsecure.yml
@@ -47,6 +47,6 @@ jobs:
 group_id: {{ groupId }} # Update this to your desired Platform group ID
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: NowSecure.sarif
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
index 460c678..c9d4e55 100644
--- a/.github/workflows/ossar-analysis.yml
+++ b/.github/workflows/ossar-analysis.yml
@@ -39,6 +39,6 @@ jobs:
 # Upload results to the Security tab
 - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml
index c86ca2a..b9934af 100644
--- a/.github/workflows/ossar.yml
+++ b/.github/workflows/ossar.yml
@@ -50,7 +50,7 @@ jobs:
 # Upload results to the Security tab
 - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/pmd.yml b/.github/workflows/pmd.yml
index ecc70d7..5f5dce6 100644
--- a/.github/workflows/pmd.yml
+++ b/.github/workflows/pmd.yml
@@ -37,7 +37,7 @@ jobs:
 sourcePath: 'src/main/java'
 analyzeModifiedFilesOnly: false
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: pmd-report.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
index 528c153..58ef5de 100644
--- a/.github/workflows/powershell.yml
+++ b/.github/workflows/powershell.yml
@@ -43,7 +43,7 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml
index e5fb460..53456bd 100644
--- a/.github/workflows/rubocop.yml
+++ b/.github/workflows/rubocop.yml
@@ -47,6 +47,6 @@ jobs:
 "
 - name: Upload Sarif output
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: rubocop.sarif
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
index 6603848..4346392 100644
--- a/.github/workflows/rust-clippy.yml
+++ b/.github/workflows/rust-clippy.yml
@@ -48,7 +48,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: rust-clippy-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 3e77b92..ba12e93 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -50,6 +50,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@004c5de30b6423267685b897a3d595e944f7fed5 # v2.20.2
+ uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/securitycodescan.yml b/.github/workflows/securitycodescan.yml
index c47254c..f0df347 100644
--- a/.github/workflows/securitycodescan.yml
+++ b/.github/workflows/securitycodescan.yml
@@ -38,4 +38,4 @@ jobs:
 uses: security-code-scan/security-code-scan-results-action@579058214e4be88ce9eea302f1fb74df1b8bc1ed
 - name: Upload sarif
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index ed26c02..3c7fee6 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -42,7 +42,7 @@ jobs:
 # Upload SARIF file generated in previous step
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: semgrep.sarif
 if: always()
diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
index bc3ab94..d52af3e 100644
--- a/.github/workflows/snyk-container.yml
+++ b/.github/workflows/snyk-container.yml
@@ -49,6 +49,6 @@ jobs:
 image: your/image-to-test
 args: --file=Dockerfile
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: snyk.sarif
diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml
index 10dcd72..fa41467 100644
--- a/.github/workflows/snyk-infrastructure.yml
+++ b/.github/workflows/snyk-infrastructure.yml
@@ -48,6 +48,6 @@ jobs:
 # or `main.tf` for a Terraform configuration file
 file: your-file-to-test.yaml
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: snyk.sarif
diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml
index ac0a75b..a2fcaf0 100644
--- a/.github/workflows/sobelow.yml
+++ b/.github/workflows/sobelow.yml
@@ -35,6 +35,6 @@ jobs:
 - id: run-action
 uses: sobelow/action@85a7af55ecfe77cbecbae704398af72df079165e
 - name: Upload report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/synopsys-io.yml b/.github/workflows/synopsys-io.yml
index 3797e95..aa18527 100644
--- a/.github/workflows/synopsys-io.yml
+++ b/.github/workflows/synopsys-io.yml
@@ -71,7 +71,7 @@ jobs:
 - name: Upload SARIF file
 if: ${{steps.prescription.outputs.sastScan == 'true' }}
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: workflowengine-results.sarif.json
diff --git a/.github/workflows/sysdig-scan.yml b/.github/workflows/sysdig-scan.yml
index 7790ad0..cdfbfd9 100644
--- a/.github/workflows/sysdig-scan.yml
+++ b/.github/workflows/sysdig-scan.yml
@@ -54,7 +54,7 @@ jobs:
 # Sysdig inline scanner requires privileged rights
 run-as-user: root
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 #Upload SARIF file
 if: always()
 with:
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index 538d852..600500f 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@@ -32,7 +32,7 @@ jobs:
 sarif_file: tfsec.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: tfsec.sarif
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 6546367..3145c57 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -42,6 +42,6 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml
index f1a81fc..2063466 100644
--- a/.github/workflows/veracode.yml
+++ b/.github/workflows/veracode.yml
@@ -52,7 +52,7 @@ jobs:
 uses: veracode/veracode-pipeline-scan-results-to-sarif@99c541b171135ee0e29d3e5b938f74d88b0c5787
 with:
 pipeline-results-json: results.json
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: veracode-results.sarif
diff --git a/.github/workflows/xanitizer.yml b/.github/workflows/xanitizer.yml
index ea58bfd..60c010f 100644
--- a/.github/workflows/xanitizer.yml
+++ b/.github/workflows/xanitizer.yml
@@ -94,6 +94,6 @@ jobs:
 *-Findings-List.sarif
 # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: Xanitizer-Findings-List.sarif