diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0fa554e..49e3aaf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,14 +36,14 @@ jobs: steps: - uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/codeql-config.yml queries: security-extended,security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/devsecops-pipeline.yml b/.github/workflows/devsecops-pipeline.yml index 3a6607e..1b615b5 100644 --- a/.github/workflows/devsecops-pipeline.yml +++ b/.github/workflows/devsecops-pipeline.yml @@ -108,7 +108,7 @@ jobs: [ -f semgrep.sarif ] || echo '{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"semgrep"}},"results":[]}]}' > semgrep.sarif - name: Upload SARIF to code scanning if: always() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: semgrep.sarif category: semgrep @@ -176,7 +176,7 @@ jobs: continue-on-error: true - name: Upload SARIF to code scanning (Trivy fs) if: always() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: trivy-fs.sarif category: trivy-fs @@ -312,7 +312,7 @@ jobs: ./conftest test sample-app/Dockerfile --parser dockerfile --policy policy/opa --output json > conftest-dockerfile.json || true - name: Upload SARIF to code scanning (Checkov) if: always() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: checkov.sarif category: checkov @@ -473,13 +473,13 @@ jobs: push-to-registry: true - name: Upload SARIF to code scanning (Trivy image ยท Hadolint) if: always() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: trivy-image.sarif category: trivy-image - name: Upload SARIF to code scanning (Hadolint) if: always() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: hadolint.sarif category: hadolint diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml index 7da8597..066c4ad 100644 --- a/.github/workflows/openssf-scorecard.yml +++ b/.github/workflows/openssf-scorecard.yml @@ -50,7 +50,7 @@ jobs: scorecard-results.sarif scorecard-results.json retention-days: 90 - - uses: github/codeql-action/upload-sarif@v3 + - uses: github/codeql-action/upload-sarif@v4 with: sarif_file: scorecard-results.sarif category: scorecard