diff --git a/.github/workflows/103_unit-test.yml b/.github/workflows/103_unit-test.yml
index f9173a4ef..4f8a933f0 100644
--- a/.github/workflows/103_unit-test.yml
+++ b/.github/workflows/103_unit-test.yml
@@ -19,7 +19,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Setup
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
 with:
 go-version: '1.22'
 - name: Test
diff --git a/.github/workflows/104_sast.yml b/.github/workflows/104_sast.yml
index 989716d66..823399fe5 100644
--- a/.github/workflows/104_sast.yml
+++ b/.github/workflows/104_sast.yml
@@ -28,11 +28,11 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Initialize CodeQL
- uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/init@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
 with:
 languages: 'go'
 - name: Analyze
- uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/analyze@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4

 golangci-lint:
 runs-on: ubuntu-latest
@@ -44,7 +44,7 @@ jobs:
 steps:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
 with:
 cache: false
 go-version: '1.21'
@@ -69,7 +69,7 @@ jobs:
 with:
 args: "-exclude-dir=test -exclude-dir=tools ${{ inputs.output == 'sarif' && '-no-fail -fmt sarif -out gosec-results.sarif' || '-fmt text' }} ./..."
 - name: Upload
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
 if: inputs.output == 'sarif'
 with:
 sarif_file: 'gosec-results.sarif'
@@ -92,7 +92,7 @@ jobs:
 no-fail: ${{ inputs.output == 'sarif' && 'true' || 'false' }}
 output-file: ${{ inputs.output == 'sarif' && 'hadolint-results.sarif' || '' }}
 - name: Upload
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
 if: inputs.output == 'sarif'
 with:
 sarif_file: 'hadolint-results.sarif'
@@ -115,7 +115,7 @@ jobs:
 format: ${{ inputs.output == 'sarif' && 'sarif' || 'plain' }}
 output-file: ${{ inputs.output == 'sarif' && 'kubelinter-results.sarif' || 'kube-linter.log' }}
 - name: Upload
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
 if: inputs.output == 'sarif'
 with:
 sarif_file: 'kubelinter-results.sarif'
@@ -155,7 +155,7 @@ jobs:
 format: ${{ inputs.output }}
 output: ${{ inputs.output == 'sarif' && 'reports/trivy-docker-results.sarif' || '' }}
 - name: Upload
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
 if: inputs.output == 'sarif'
 with:
 sarif_file: 'reports'
diff --git a/.github/workflows/105_sca.yml b/.github/workflows/105_sca.yml
index 62ce24d89..ada98c6cd 100644
--- a/.github/workflows/105_sca.yml
+++ b/.github/workflows/105_sca.yml
@@ -64,6 +64,6 @@ jobs:
 TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db # Workaround for https://github.com/aquasecurity/trivy-action/issues/389
 - name: Upload
 if: inputs.output == 'sarif'
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4
 with:
 sarif_file: 'reports'