From bffd1937155d7d24f580b4a57af7198234e0605e Mon Sep 17 00:00:00 2001
From: Anchorfree Jenkins
Date: Mon, 15 Apr 2024 09:56:15 +0000
Subject: [PATCH] Workflows updated from AnchorFree/workflows:1b1cade
---
 .github/workflows/hadolint.yml | 5 ++---
 .github/workflows/trivy.yml | 16 ++++++++--------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
index 0bfca66235..a51635b045 100644
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -10,10 +10,9 @@ jobs:
 pull-requests: write
 steps:
 - name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Scanning the dockerfile
- uses: reviewdog/action-hadolint@v1.34.1
+ uses: reviewdog/action-hadolint@v1.39.0
 with:
 reporter: github-pr-review
 filter_mode: file
-
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index f511f79828..852cc18d3a 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -23,7 +23,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 lfs: true
 submodules: recursive
@@ -32,14 +32,14 @@ jobs:
 run: git lfs checkout
 - name: Run Trivy vulnerability scanner in repo mode (table)
- uses: aquasecurity/trivy-action@0.10.0
+ uses: aquasecurity/trivy-action@0.19.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
 format: 'table'
 - name: Run Trivy vulnerability scanner in repo mode (sarif)
- uses: aquasecurity/trivy-action@0.10.0
+ uses: aquasecurity/trivy-action@0.19.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
@@ -47,7 +47,7 @@ jobs:
 output: 'trivy-results.sarif'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
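Review bot: The bumped `uses:` references still point at mutable tags (`reviewdog/action-hadolint@v1.39.0` in the hadolint.yml hunk, `aquasecurity/trivy-action@0.19.0` in every trivy.yml hunk), so whoever can move those tags upstream changes what runs in these jobs, and the hadolint job holds `pull-requests: write`. Pinning each third-party action to the full commit SHA of the release that was reviewed, with the tag kept as a trailing comment, e.g. `uses: reviewdog/action-hadolint@<full-commit-sha> # v1.39.0`, makes the synced workflows reproducible and makes future sync diffs show exactly which code changed. The same form can be used for `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3`. The rest of each job, including the trivy jobs' permissions, lies outside the hunks.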
@@ -60,7 +60,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 lfs: true
 submodules: recursive
@@ -72,14 +72,14 @@ jobs:
 run: |
 docker build -t ${{ github.sha }} .
 - name: Run Trivy vulnerability scanner in image mode (table output)
- uses: aquasecurity/trivy-action@0.10.0
+ uses: aquasecurity/trivy-action@0.19.0
 with:
 image-ref: '${{ github.sha }}'
 ignore-unfixed: true
 format: 'table'
 - name: Run Trivy vulnerability scanner in image mode (sarif output)
- uses: aquasecurity/trivy-action@0.10.0
+ uses: aquasecurity/trivy-action@0.19.0
 with:
 image-ref: '${{ github.sha }}'
 ignore-unfixed: true
@@ -87,6 +87,6 @@ jobs:
 output: 'trivy-results.sarif'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
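Review bot: Neither Trivy table step sets `exit-code` or `severity` (image mode in the `@@ -72,14` hunk, repo mode in the `@@ -32,14` hunk), so with the action's defaults the job succeeds whatever the scan reports, and `ignore-unfixed: true` additionally drops findings that have no fix yet. If the scan is meant to gate merges rather than only report, add `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` to the table steps. If it is report-only by design, a comment such as `# report-only: findings are triaged from the Security tab` above the step would keep it from being mistaken for a gate. The sarif steps' `with:` blocks are cut by the hunk boundaries, so whether they set these inputs cannot be seen here.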