From c775964fb69ba1910842be9df59940f9906a23a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 19:51:25 +0000 Subject: [PATCH] Update github/codeql-action action to v4.36.2 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/job-ossf-scorecard.yml | 2 +- .github/workflows/job-trivy-image.yml | 2 +- .github/workflows/job-trivy-sbom.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/job-ossf-scorecard.yml b/.github/workflows/job-ossf-scorecard.yml index 74338363..de7a120e 100644 --- a/.github/workflows/job-ossf-scorecard.yml +++ b/.github/workflows/job-ossf-scorecard.yml @@ -32,6 +32,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard . - name: "Upload OpenSSF results to code-scanning dashboard" - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: sarif_file: ossf-scorecard-results.sarif diff --git a/.github/workflows/job-trivy-image.yml b/.github/workflows/job-trivy-image.yml index d4b16d1f..74ba4fe1 100644 --- a/.github/workflows/job-trivy-image.yml +++ b/.github/workflows/job-trivy-image.yml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@bc0b696b4103f5fe60f15749af68a046868d511a # v2.25.4 + uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/job-trivy-sbom.yml b/.github/workflows/job-trivy-sbom.yml index 5d900bfe..a7a0e7a8 100644 --- a/.github/workflows/job-trivy-sbom.yml +++ b/.github/workflows/job-trivy-sbom.yml 
@@ -93,7 +93,7 @@ jobs: # Code scanning upload only works on public repos (or private repos with # GitHub Advanced Security), so gate it on the repo being public. if: hashFiles('trivy.sarif') != '' && github.event.repository.private == false - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 with: sarif_file: 'trivy.sarif' category: 'trivy-sbom-release-scan'
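Review bot: The trailing version comment on the new `uses:` line in job-trivy-sbom.yml reads `# v4`, while the same commit SHA is annotated `# v4.36.2` in job-ossf-scorecard.yml, in job-trivy-image.yml and in the commit subject. With a SHA pin, that comment is the only human-readable record of which release the workflow runs, so it should name the exact release: `uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2`. This line also moves from the floating `@v3` tag to a new major version, so it is worth confirming that the `sarif_file` and `category` inputs behave the same under v4 before merging. The step's opening lines are outside the hunk.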