diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 8fdfff73e..20e8f7811 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -131,11 +131,11 @@ jobs: - name: Check out the repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a + uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 with: languages: go - name: Run CodeQL variant analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a + uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 - name: Show CodeQL scan SARIF report if: always() run: cat ../results/go.sarif @@ -147,7 +147,7 @@ jobs: - name: Check out the repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Run Anchore vulnerability scanner - uses: anchore/scan-action@d43cc1dfea6a99ed123bf8f3133f1797c9b44492 + uses: anchore/scan-action@bc9adf64917dd9444d6cf4dd68620c34ca3a5f69 id: scan with: path: "." @@ -158,7 +158,7 @@ jobs: run: cat ${{ steps.scan.outputs.sarif }} - name: Upload Anchore scan SARIF report if: always() - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a + uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index e5e9d1410..4187dd103 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -24,7 +24,7 @@ jobs: run: make unit - name: Run SonarScan, upload Go test results and coverage - uses: sonarsource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92 + uses: sonarsource/sonarcloud-github-action@eb211723266fe8e83102bac7361f0a05c3ac1d1b env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -38,11 +38,11 @@ jobs: - name: Check out the repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a + uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 with: languages: go - name: Run CodeQL variant analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a + uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 - name: Show CodeQL scan SARIF report if: always() run: cat ../results/go.sarif @@ -57,7 +57,7 @@ jobs: - name: Check out the repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Run Anchore vulnerability scanner - uses: anchore/scan-action@d43cc1dfea6a99ed123bf8f3133f1797c9b44492 + uses: anchore/scan-action@bc9adf64917dd9444d6cf4dd68620c34ca3a5f69 id: scan with: path: "." @@ -65,6 +65,6 @@ jobs: - name: Show Anchore scan SARIF report run: cat ${{ steps.scan.outputs.sarif }} - name: Upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a + uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 6dabf6de9..a2c46f1f8 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -33,7 +33,7 @@ jobs: done - name: Upload artifacts - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a with: name: Unit test artifacts path: artifacts