From 3a0ba055605ab7182b4b1b2cea2c96c55471772c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 01:53:03 +0000
Subject: [PATCH] chore(deps): update github/codeql-action action to v3
---
 .github/workflows/anchore.yml | 2 +-
 .github/workflows/apisec-scan.yml | 2 +-
 .github/workflows/brakeman.yml | 2 +-
 .github/workflows/checkmarx.yml | 2 +-
 .github/workflows/clj-holmes.yml | 2 +-
 .github/workflows/clj-watson.yml | 2 +-
 .github/workflows/codacy.yml | 2 +-
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/codescan.yml | 2 +-
 .github/workflows/codescaner-analysis.yml | 2 +-
 .github/workflows/detekt.yml | 2 +-
 .github/workflows/devskim.yml | 2 +-
 .github/workflows/eslint.yml | 2 +-
 .github/workflows/fortify.yml | 2 +-
 .github/workflows/hadolint.yml | 2 +-
 .github/workflows/kubesec.yml | 2 +-
 .github/workflows/mayhem-for-api.yml | 2 +-
 .github/workflows/mobsf.yml | 2 +-
 .github/workflows/njsscan.yml | 2 +-
 .github/workflows/nowsecure.yml | 2 +-
 .github/workflows/ossar-analysis.yml | 2 +-
 .github/workflows/ossar.yml | 2 +-
 .github/workflows/pmd.yml | 2 +-
 .github/workflows/powershell.yml | 2 +-
 .github/workflows/rubocop.yml | 2 +-
 .github/workflows/rust-clippy.yml | 2 +-
 .github/workflows/scorecards.yml | 2 +-
 .github/workflows/securitycodescan.yml | 2 +-
 .github/workflows/semgrep.yml | 2 +-
 .github/workflows/snyk-container.yml | 2 +-
 .github/workflows/snyk-infrastructure.yml | 2 +-
 .github/workflows/sobelow.yml | 2 +-
 .github/workflows/synopsys-io.yml | 2 +-
 .github/workflows/sysdig-scan.yml | 2 +-
 .github/workflows/tfsec.yml | 2 +-
 .github/workflows/trivy.yml | 2 +-
 .github/workflows/veracode.yml | 2 +-
 .github/workflows/xanitizer.yml | 2 +-
 38 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
index a16cd59..86787f8 100644
--- a/.github/workflows/anchore.yml
+++ b/.github/workflows/anchore.yml
@@ -40,6 +40,6 @@ jobs:
 image: "localbuild/testimage:latest"
 acs-report-enable: true
 - name: Upload Anchore Scan Report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml
index d38090a..2866cc8 100644
--- a/.github/workflows/apisec-scan.yml
+++ b/.github/workflows/apisec-scan.yml
@@ -64,6 +64,6 @@ jobs:
 # The name of the sarif format result file The file is written only if this property is provided.
 sarif-result-file: "apisec-results.sarif"
 - name: Import results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ./apisec-results.sarif
diff --git a/.github/workflows/brakeman.yml b/.github/workflows/brakeman.yml
index 1ef898b..9629442 100644
--- a/.github/workflows/brakeman.yml
+++ b/.github/workflows/brakeman.yml
@@ -52,6 +52,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: output.sarif.json
diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
index f3e8062..c670a27 100644
--- a/.github/workflows/checkmarx.yml
+++ b/.github/workflows/checkmarx.yml
@@ -49,6 +49,6 @@ jobs:
 params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
 # Upload the Report for CodeQL/Security Alerts
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: cx.sarif
diff --git a/.github/workflows/clj-holmes.yml b/.github/workflows/clj-holmes.yml
index 3dc860c..1d6cb63 100644
--- a/.github/workflows/clj-holmes.yml
+++ b/.github/workflows/clj-holmes.yml
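Review bot: The new reference in anchore.yml, `uses: github/codeql-action/upload-sarif@v3`, follows a mutable major tag, so the code these scanning jobs execute can change without any commit in this repository. The scorecards.yml hunk of this same patch already pins to a full commit SHA with a version comment, `github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11`. The same form would fit every other `@v3` reference in the patch (the remaining upload-sarif steps and init, autobuild and analyze in codeql.yml), and Renovate can keep the digest current. The jobs these steps belong to start outside the hunks, so their `permissions` blocks are not visible here.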
@@ -37,7 +37,7 @@ jobs:
 fail-on-result: 'false'
 - name: Upload analysis results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
 ait-for-processing: true
diff --git a/.github/workflows/clj-watson.yml b/.github/workflows/clj-watson.yml
index 92f9dbf..254ad45 100644
--- a/.github/workflows/clj-watson.yml
+++ b/.github/workflows/clj-watson.yml
@@ -47,7 +47,7 @@ jobs:
 fail-on-result: false
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{github.workspace}}/clj-watson-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 015cebc..83fb1c7 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -55,6 +55,6 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7d33837..b5bd395 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
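Review bot: In clj-holmes.yml the context line after `sarif_file` reads `ait-for-processing: true`, while the parallel step in clj-watson.yml has `wait-for-processing: true`. If the file really contains that spelling (it may also be an artifact of how this patch was rendered), the key is not an input upload-sarif defines, so the step runs with the action's default for `wait-for-processing` instead of the value written here; the line should read `wait-for-processing: true`. The line is unchanged context, so the correction belongs in a separate commit.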
@@ -56,7 +56,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -69,7 +69,7 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 - name: Upload coverage reports to Codecov uses: codecov/codecov-action@v3 env: diff --git a/.github/workflows/codescan.yml b/.github/workflows/codescan.yml index d52cf12..2951a48 100644 --- a/.github/workflows/codescan.yml +++ b/.github/workflows/codescan.yml @@ -43,6 +43,6 @@ jobs: organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: codescan.sarif diff --git a/.github/workflows/codescaner-analysis.yml b/.github/workflows/codescaner-analysis.yml index 9dde7b9..4a0a21a 100644 --- a/.github/workflows/codescaner-analysis.yml +++ b/.github/workflows/codescaner-analysis.yml @@ -32,6 +32,6 @@ jobs: organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: codescan.sarif diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index 0c22dbc..dc50f23 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml 
@@ -111,7 +111,7 @@ jobs:
 )" > ${{ github.workspace }}/detekt.sarif.json
 # Uploads results to GitHub repository using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: ${{ github.workspace }}/detekt.sarif.json
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index ebe3c96..dae73b7 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -29,7 +29,7 @@ jobs:
 uses: microsoft/DevSkim-Action@v1
 - name: Upload DevSkim scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: devskim-results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index 77708b4..755e564 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -43,7 +43,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: eslint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index f0edc7d..277a78d 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -93,6 +93,6 @@ jobs:
 # Import Fortify on Demand results to GitHub Security Code Scanning
 - name: Import Results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ./gh-fortify-sast.sarif
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
index b5375f0..adfe314 100644
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -41,7 +41,7 @@ jobs:
 no-fail: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: hadolint-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/kubesec.yml b/.github/workflows/kubesec.yml
index 84b17b8..6172e92 100644
--- a/.github/workflows/kubesec.yml
+++ b/.github/workflows/kubesec.yml
@@ -36,6 +36,6 @@ jobs:
 exit-code: "0"
 - name: Upload Kubesec scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: kubesec-results.sarif
diff --git a/.github/workflows/mayhem-for-api.yml b/.github/workflows/mayhem-for-api.yml
index 2a2b820..f6f7566 100644
--- a/.github/workflows/mayhem-for-api.yml
+++ b/.github/workflows/mayhem-for-api.yml
@@ -61,6 +61,6 @@ jobs:
 sarif-report: mapi.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: mapi.sarif
diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml
index adca965..64f7598 100644
--- a/.github/workflows/mobsf.yml
+++ b/.github/workflows/mobsf.yml
@@ -37,7 +37,7 @@ jobs:
 args: . --sarif --output results.sarif || true
 - name: Upload mobsfscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 4707323..fecf7ba 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -36,7 +36,7 @@ jobs:
 with:
 args: '. --sarif --output results.sarif || true'
 - name: Upload njsscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/nowsecure.yml b/.github/workflows/nowsecure.yml
index 5581d1d..45000fa 100644
--- a/.github/workflows/nowsecure.yml
+++ b/.github/workflows/nowsecure.yml
@@ -47,6 +47,6 @@ jobs:
 group_id: {{ groupId }} # Update this to your desired Platform group ID
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: NowSecure.sarif
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
index 2ab5a2f..86eb62a 100644
--- a/.github/workflows/ossar-analysis.yml
+++ b/.github/workflows/ossar-analysis.yml
@@ -39,6 +39,6 @@ jobs:
 # Upload results to the Security tab
 - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml
index 79feada..c265675 100644
--- a/.github/workflows/ossar.yml
+++ b/.github/workflows/ossar.yml
@@ -50,7 +50,7 @@ jobs:
 # Upload results to the Security tab
 - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/pmd.yml b/.github/workflows/pmd.yml
index b92e7ef..30affbe 100644
--- a/.github/workflows/pmd.yml
+++ b/.github/workflows/pmd.yml
@@ -37,7 +37,7 @@ jobs:
 sourcePath: 'src/main/java'
 analyzeModifiedFilesOnly: false
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: pmd-report.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
index 7093036..7058a2f 100644
--- a/.github/workflows/powershell.yml
+++ b/.github/workflows/powershell.yml
@@ -43,7 +43,7 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml
index b9decee..60eceb6 100644
--- a/.github/workflows/rubocop.yml
+++ b/.github/workflows/rubocop.yml
@@ -47,6 +47,6 @@ jobs:
 "
 - name: Upload Sarif output
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: rubocop.sarif
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
index c692045..fc25525 100644
--- a/.github/workflows/rust-clippy.yml
+++ b/.github/workflows/rust-clippy.yml
@@ -48,7 +48,7 @@ jobs:
 continue-on-error: true
 - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: rust-clippy-results.sarif
 wait-for-processing: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 6775364..b931a39 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -50,6 +50,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@004c5de30b6423267685b897a3d595e944f7fed5 # v2.20.2
+ uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/securitycodescan.yml b/.github/workflows/securitycodescan.yml
index d53247d..092766a 100644
--- a/.github/workflows/securitycodescan.yml
+++ b/.github/workflows/securitycodescan.yml
@@ -38,4 +38,4 @@ jobs:
 uses: security-code-scan/security-code-scan-results-action@579058214e4be88ce9eea302f1fb74df1b8bc1ed
 - name: Upload sarif
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 2d6b88a..729b86e 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -42,7 +42,7 @@ jobs:
 # Upload SARIF file generated in previous step
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: semgrep.sarif
 if: always()
diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
index f40bddf..fcec811 100644
--- a/.github/workflows/snyk-container.yml
+++ b/.github/workflows/snyk-container.yml
@@ -49,6 +49,6 @@ jobs:
 image: your/image-to-test
 args: --file=Dockerfile
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: snyk.sarif
diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml
index c86ff72..c943a96 100644
--- a/.github/workflows/snyk-infrastructure.yml
+++ b/.github/workflows/snyk-infrastructure.yml
@@ -48,6 +48,6 @@ jobs:
 # or `main.tf` for a Terraform configuration file
 file: your-file-to-test.yaml
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: snyk.sarif
diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml
index cbfc298..9cfd5de 100644
--- a/.github/workflows/sobelow.yml
+++ b/.github/workflows/sobelow.yml
@@ -35,6 +35,6 @@ jobs:
 - id: run-action
 uses: sobelow/action@85a7af55ecfe77cbecbae704398af72df079165e
 - name: Upload report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/synopsys-io.yml b/.github/workflows/synopsys-io.yml
index f5827df..bff5f89 100644
--- a/.github/workflows/synopsys-io.yml
+++ b/.github/workflows/synopsys-io.yml
@@ -71,7 +71,7 @@ jobs:
 - name: Upload SARIF file
 if: ${{steps.prescription.outputs.sastScan == 'true' }}
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: workflowengine-results.sarif.json
diff --git a/.github/workflows/sysdig-scan.yml b/.github/workflows/sysdig-scan.yml
index 9324c2b..15191c1 100644
--- a/.github/workflows/sysdig-scan.yml
+++ b/.github/workflows/sysdig-scan.yml
@@ -54,7 +54,7 @@ jobs:
 # Sysdig inline scanner requires privileged rights
 run-as-user: root
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 #Upload SARIF file
 if: always()
 with:
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index bcc6373..fc1cd63 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@@ -32,7 +32,7 @@ jobs:
 sarif_file: tfsec.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: tfsec.sarif
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 35aaeb4..b703a66 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -42,6 +42,6 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml
index 7c71b4d..42d157b 100644
--- a/.github/workflows/veracode.yml
+++ b/.github/workflows/veracode.yml
@@ -52,7 +52,7 @@ jobs:
 uses: veracode/veracode-pipeline-scan-results-to-sarif@99c541b171135ee0e29d3e5b938f74d88b0c5787
 with:
 pipeline-results-json: results.json
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: veracode-results.sarif
diff --git a/.github/workflows/xanitizer.yml b/.github/workflows/xanitizer.yml
index eb08a9e..ab3a6d3 100644
--- a/.github/workflows/xanitizer.yml
+++ b/.github/workflows/xanitizer.yml
@@ -94,6 +94,6 @@ jobs:
 *-Findings-List.sarif
 # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: Xanitizer-Findings-List.sarif