Merge branch 'main' into OCI-263-support-disable-active-verification-…

…flag
orcasecurity · Aug 22, 2024 · 39e797c · 39e797c
2 parents 0245309 + 600ccf2
commit 39e797c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 28 deletions.
diff --git a/.github/workflows/test-fs-action-sarif.yaml b/.github/workflows/test-fs-action-sarif.yaml
@@ -9,25 +9,19 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # ratchet:actions/checkout@v4
       - name: Scan FS
         id: orcasecurity_fs_scan
         uses: ./
         with:
-          api_token:
-            ${{ secrets.ORCA_SECURITY_API_TOKEN }}
-          project_key:
-            "default"
-          path:
-            "test"
-          format:
-            "sarif"
-          output:
-            "results/"
+          api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
+          project_key: "default"
+          path: "test"
+          format: "sarif"
+          output: "results/"
           console_output: "table"
-
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # ratchet:github/codeql-action/upload-sarif@v3
         if: ${{ always() && steps.orcasecurity_fs_scan.outputs.exit_code != 1 }}
         with:
           sarif_file: results/file_system.sarif
diff --git a/.github/workflows/test-fs-action.yaml b/.github/workflows/test-fs-action.yaml
@@ -7,22 +7,17 @@ jobs:
   fs_scan_job:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # ratchet:actions/checkout@v4
       - name: Scan FS
         uses: ./
         with:
-          api_token:
-            ${{ secrets.ORCA_SECURITY_API_TOKEN }}
-          project_key:
-            "default"
-          path:
-            "test"
-          format:
-            "json"
-          output:
-            "results/"
+          api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
+          project_key: "default"
+          path: "test"
+          format: "json"
+          output: "results/"
           console_output: "table"
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # ratchet:actions/upload-artifact@v4
         if: always()
         with:
           name: orca-results

diff --git a/README.md b/README.md
@@ -45,7 +45,7 @@ jobs:
     steps:
       # Checkout your repository under $GITHUB_WORKSPACE, so your job can access it
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run Orca FS Scan
         uses: orcasecurity/shiftleft-fs-action@v1
@@ -118,7 +118,7 @@ jobs:
       PROJECT_KEY: <project key> # Set the desired project to run the cli scanning with
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run Orca FS Scan
         id: orcasecurity_fs_scan
@@ -131,7 +131,7 @@ jobs:
           output:
             "results/"
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         if: ${{ always() && steps.orcasecurity_fs_scan.outputs.exit_code != 1 }}
         with:
           sarif_file: results/file_system.sarif