diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index ad038fbb..1c5a9ba0 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -38,7 +38,7 @@ jobs: run: tflint --disable-rule=terraform_unused_declarations --format sarif > tflint.sarif - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 + uses: github/codeql-action/upload-sarif@8c8d71dde4abced210732d8486586914b97752e8 # v2.2.10 with: sarif_file: tflint.sarif tfsec: @@ -60,7 +60,7 @@ jobs: additional_args: '--format sarif --out tfsec.sarif --exclude aws-ssm-secret-use-customer-key,github-repositories-private,aws-vpc-no-excessive-port-access,github-repositories-require-signed-commits' - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 + uses: github/codeql-action/upload-sarif@8c8d71dde4abced210732d8486586914b97752e8 # v2.2.10 with: sarif_file: tfsec.sarif checkov: @@ -87,6 +87,6 @@ jobs: skip_check: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39 - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 + uses: github/codeql-action/upload-sarif@8c8d71dde4abced210732d8486586914b97752e8 # v2.2.10 with: sarif_file: ./checkov.sarif diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index dd989a6d..92738fe5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 + uses: github/codeql-action/upload-sarif@8c8d71dde4abced210732d8486586914b97752e8 # v2.2.10 with: sarif_file: results.sarif