2020 attestations : write
2121 steps :
2222 - name : Harden runner
23- uses : step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
23+ uses : step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
2424 with :
2525 egress-policy : audit
2626
4646 "
4747
4848 - name : Generate CycloneDX SBOM
49- uses : anchore/sbom-action@17ae1740179002c89186b61233e0f892c3118b11 # v0.23.0
49+ uses : anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
5050 with :
5151 path : .
5252 format : cyclonedx-json
5555 upload-release-assets : false
5656
5757 - name : Generate SPDX SBOM
58- uses : anchore/sbom-action@17ae1740179002c89186b61233e0f892c3118b11 # v0.23.0
58+ uses : anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
5959 with :
6060 path : .
6161 format : spdx-json
@@ -27,13 +27,13 @@ jobs:
2727 steps :
2828 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2929 - name : Initialize CodeQL
30- uses : github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
30+ uses : github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
3131 with :
3232 languages : ${{ matrix.language }}
3333 queries : +security-extended
3434 - name : Autobuild
35- uses : github/codeql-action/autobuild@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
35+ uses : github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
3636 - name : Perform CodeQL Analysis
37- uses : github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
37+ uses : github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
3838 with :
3939 category : " /language:${{ matrix.language }}"
1818 if : github.event.pull_request.head.repo.full_name == github.repository
1919 runs-on : ubuntu-latest
2020 steps :
21- - uses : step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
21+ - uses : step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
2222 with :
2323 egress-policy : audit
2424
3838 retention-days : 5
3939
4040 - name : Upload to code-scanning
41- uses : github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
41+ uses : github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
4242 with :
4343 sarif_file : results.sarif
2525 - name : Run Semgrep
2626 run : semgrep scan --config p/python --config p/owasp-top-ten --sarif -o semgrep.sarif .
2727 - name : Upload SARIF
28- uses : github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
28+ uses : github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
2929 if : always()
3030 with :
3131 sarif_file : semgrep.sarif