diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 92e44c47e..93f17ab2c 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -78,25 +78,25 @@ jobs:
 chmod +x ./task
 - name: Archive Kind
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: kind
 path: ./kind
 - name: Archive Kubectl
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: kubectl
 path: ./kubectl
 - name: Archive Helm
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: helm
 path: ./linux-amd64/helm
 - name: Archive Task
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: task
 path: ./task
@@ -113,7 +113,7 @@ jobs:
 steps:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Download Helm
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: helm
 path: ./helm
@@ -131,7 +131,7 @@ jobs:
 helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST_VERSION }} --verify=false
 - name: Download Task
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: task
 path: ./task
@@ -161,13 +161,13 @@ jobs:
 java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
 architecture: x64 # (x64 or x86) - defaults to x64
 - name: Cache SonarCloud packages
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: ~/.sonar/cache
 key: ${{ runner.os }}-sonar
 restore-keys: ${{ runner.os }}-sonar
 - name: Cache Gradle packages
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+ uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 with:
 path: ~/.gradle/caches
 key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
@@ -217,7 +217,7 @@ jobs:
 run: make docker-export-${{ matrix.component }}
 - name: Upload Image As Artifact
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: ${{ matrix.component }}-image
 path: ./operator/${{ matrix.component }}.tar
@@ -256,7 +256,7 @@ jobs:
 run: make docker-export
 - name: Upload Image As Artifact
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: auto-discovery-image
 path: ./auto-discovery/kubernetes/auto-discovery-kubernetes.tar
@@ -284,7 +284,7 @@ jobs:
 go vet ./...
 - name: Download Task
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: task
 path: ./task
@@ -294,19 +294,19 @@ jobs:
 chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task
 - name: Download Kind
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: kind
 path: ./kind
 - name: Download Kubectl
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: kubectl
 path: ./kubectl
 - name: Download Helm
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: helm
 path: ./helm
@@ -336,7 +336,7 @@ jobs:
 run: task docker-export
 - name: Upload Image As Artifact
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: auto-discovery-pull-secret-extractor
 path: ./auto-discovery/kubernetes/pull-secret-extractor/auto-discovery-secret-extractor.tar
@@ -389,7 +389,7 @@ jobs:
 run: make docker-export
 - name: Upload Image As Artifact
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: auto-discovery-cloud-aws-image
 path: ./auto-discovery/cloud-aws/auto-discovery-cloud-aws.tar
@@ -418,7 +418,7 @@ jobs:
 run: make docker-export-sdk
 - name: Upload Artifact
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: ${{ matrix.sdk }}-image
 path: ./${{ matrix.sdk }}/nodejs/${{ matrix.sdk }}.tar
@@ -463,7 +463,7 @@ jobs:
 uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
 - name: Download Task
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: task
 path: ./task
@@ -473,19 +473,19 @@ jobs:
 chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task
 - name: Download Kind
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: kind
 path: ./kind
 - name: Download Kubectl
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: kubectl
 path: ./kubectl
 - name: Download Helm
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: helm
 path: ./helm
@@ -507,7 +507,7 @@ jobs:
 run: task test:unit
 - name: Download Parser SDK Image
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: parser-sdk-image
 path: /tmp
@@ -518,7 +518,7 @@ jobs:
 docker images | grep sdk
 - name: Download Operator Image
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: operator-image
 path: ./operator
@@ -529,7 +529,7 @@ jobs:
 docker images | grep operator
 - name: Download Lurker Image
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: lurker-image
 path: ./operator
@@ -616,7 +616,7 @@ jobs:
 uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
 - name: Download Task
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: task
 path: ./task
@@ -626,19 +626,19 @@ jobs:
 chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task
 - name: Download Kind
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: kind
 path: ./kind
 - name: Download Kubectl
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: kubectl
 path: ./kubectl
 - name: Download Helm
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: helm
 path: ./helm
@@ -660,7 +660,7 @@ jobs:
 run: task test:unit
 - name: Download Parser SDK Image
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: hook-sdk-image
 path: /tmp
@@ -671,7 +671,7 @@ jobs:
 docker images | grep sdk
 - name: Download Operator Image
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: operator-image
 path: ./operator
@@ -682,7 +682,7 @@ jobs:
 docker images | grep operator
 - name: Download Lurker Image
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
 with:
 name: lurker-image
 path: ./operator
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index b7f28353e..c7ced2237 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -57,7 +57,7 @@ jobs:
 # Upload MegaLinter artifacts
 - name: Archive production artifacts
 if: ${{ success() }} || ${{ failure() }}
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: MegaLinter reports
 path: |
diff --git a/.github/workflows/oss-scorecard.yaml b/.github/workflows/oss-scorecard.yaml
index ec5e52c34..8df36b754 100644
--- a/.github/workflows/oss-scorecard.yaml
+++ b/.github/workflows/oss-scorecard.yaml
@@ -33,6 +33,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+ uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml
index 28557a6ce..58ea90a5b 100644
--- a/.github/workflows/release-build.yaml
+++ b/.github/workflows/release-build.yaml
@@ -425,7 +425,7 @@ jobs:
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Set ENV Var with Scanner Version
- uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
+ uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
 # Notice: The current version of the scanner is provided via the Chart.yaml to ensure
 # there is only one place to edit the version of a scanner
 with:
@@ -433,7 +433,7 @@ jobs:
 # extract the supported cpu architectures from the Chart.yaml
 - name: Set ENV Var with Supported Platforms
- uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
+ uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
 with:
 cmd: echo supportedPlatforms=$(yq e .annotations.supported-platforms scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
@@ -555,7 +555,7 @@ jobs:
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Set ENV Var with Demo-Target Version
- uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
+ uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
 # Notice: The current version of the demo-target is provided via the Chart.yaml to ensure
 # there is only one place to edit the version of a scanner
 with:
diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml
index e19179506..a7b0e597c 100644
--- a/.github/workflows/scb-bot.yaml
+++ b/.github/workflows/scb-bot.yaml
@@ -61,14 +61,14 @@ jobs:
 # Fetching scanner version from local chart .appVersion attribute
 # this would look like 1.1.1 or v1.1.1 depending on the corresponding Docker image tag
 - name: Fetch local scanner version
- uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
+ uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
 with:
 cmd: echo local=$(yq e .appVersion scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
 # Fetching scanner version API from local chart .annotations.versionApi attribute
 # This would look like https://api.github.com/repos/projectdiscovery/nuclei/releases/latest
 - name: Fetch scanner's version API
- uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
+ uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
 with:
 cmd: echo versionApi=$(yq e .annotations.versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
@@ -143,7 +143,7 @@ jobs:
 - name: Upgrade Scanner Helm Chart
 if: ${{ env.release != env.local && env.prExists == 0 && env.release != null}}
- uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
+ uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
 with:
 # appVersion value in chart is replaced with release value. Empty lines are deleted in the process
 cmd: yq e --inplace '.appVersion = "${{env.release}}"' ./scanners/${{ matrix.scanner }}/Chart.yaml
@@ -189,7 +189,7 @@ jobs:
 - name: Create Pull Request
 if: ${{ env.release != env.local && env.prExists == 0 && env.release != null }}
- uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
+ uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
 with:
 token: ${{ secrets.SCB_BOT_USER_TOKEN }}
 committer: secureCodeBoxBot