diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 19be626..0236a1b 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -38,7 +38,7 @@ jobs: run: tflint --disable-rule=terraform_unused_declarations --format sarif > tflint.sarif - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0 with: sarif_file: tflint.sarif tfsec: @@ -60,7 +60,7 @@ jobs: additional_args: '--format sarif --out tfsec.sarif --exclude aws-ssm-secret-use-customer-key,github-repositories-private,aws-vpc-no-excessive-port-access,github-repositories-require-signed-commits' - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0 with: sarif_file: tfsec.sarif checkov: @@ -87,6 +87,6 @@ jobs: skip_check: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39 - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0 with: sarif_file: ./checkov.sarif diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e0724e4..a56244c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v2.3.0 with: sarif_file: results.sarif