diff --git a/.github/workflows/job-ossf-scorecard.yml b/.github/workflows/job-ossf-scorecard.yml
index 7433836..de7a120 100644
--- a/.github/workflows/job-ossf-scorecard.yml
+++ b/.github/workflows/job-ossf-scorecard.yml
@@ -32,6 +32,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard .
 - name: "Upload OpenSSF results to code-scanning dashboard"
- uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 sarif_file: ossf-scorecard-results.sarif
diff --git a/.github/workflows/job-trivy-image.yml b/.github/workflows/job-trivy-image.yml
index d4b16d1..74ba4fe 100644
--- a/.github/workflows/job-trivy-image.yml
+++ b/.github/workflows/job-trivy-image.yml
@@ -35,6 +35,6 @@ jobs:
 output: 'trivy-results.sarif'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@bc0b696b4103f5fe60f15749af68a046868d511a # v2.25.4
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/job-trivy-sbom.yml b/.github/workflows/job-trivy-sbom.yml
index 5d900bf..a7a0e7a 100644
--- a/.github/workflows/job-trivy-sbom.yml
+++ b/.github/workflows/job-trivy-sbom.yml
@@ -93,7 +93,7 @@ jobs:
 # Code scanning upload only works on public repos (or private repos with
 # GitHub Advanced Security), so gate it on the repo being public.
 if: hashFiles('trivy.sarif') != '' && github.event.repository.private == false
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
 with:
 sarif_file: 'trivy.sarif'
 category: 'trivy-sbom-release-scan'
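Review bot: The trailing comment on the new pinned `uses:` line in job-trivy-sbom.yml reads `# v4`, while the same commit SHA is labelled `# v4.36.2` in job-ossf-scorecard.yml and job-trivy-image.yml in this diff. Dependency-update tooling for SHA-pinned actions reads that comment to recognise which release the hash corresponds to, so a bare major-version label can leave this file behind when the other two are bumped, and a reader cannot tell from this file alone that the pin is identical to the others. Suggest `uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2` so all three workflows carry the same label for the same SHA. Moving this step off the floating `@v3` tag onto an immutable SHA is the right direction and is otherwise consistent with the other two files; the step's `- name:` line and the enclosing job begin outside this hunk.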