diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 3794a0cfa..238cc6a80 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -186,7 +186,7 @@ jobs: ignore-unfixed: true output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3.24.0 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: sarif_file: 'trivy-results.sarif' @@ -238,4 +238,4 @@ jobs: export TAG=$(cat images/nginx-1.25/TAG) cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . - \ No newline at end of file + diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9d00e8c38..387849a48 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@39cc02b1d9c54094b4cdbc06cec937d19c16ef3b # v2.1.37 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 1efd1fc0c..99e9fdfc7 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@39cc02b1d9c54094b4cdbc06cec937d19c16ef3b # v2.1.37 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository