From f227cd561fa2d6160c29a1f1726a805c0993c778 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 05:50:38 +0000
Subject: [PATCH] Update github/codeql-action action to v3
---
 .github/workflows/checkmarx-analysis.yml | 2 +-
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/codeql-analysis2.yml | 6 +++---
 .github/workflows/codescan-analysis.yml | 2 +-
 .github/workflows/fortify-analysis.yml | 2 +-
 .github/workflows/ossar-analysis.yml | 2 +-
 .github/workflows/shiftleft-analysis.yml | 2 +-
 .github/workflows/veracode-analysis.yml | 2 +-
 .github/workflows/xanitizer-analysis.yml | 2 +-
 9 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/checkmarx-analysis.yml b/.github/workflows/checkmarx-analysis.yml
index 515179666b20..d3baf51f95dd 100644
--- a/.github/workflows/checkmarx-analysis.yml
+++ b/.github/workflows/checkmarx-analysis.yml
@@ -33,6 +33,6 @@ jobs:
 checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }} # Upload the Report for CodeQL/Security Alerts - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with: sarif_file: cx.sarif
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 62f109c83017..a6e72a2c85c7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -34,7 +34,7 @@ jobs:
 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@v3
 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file.
@@ -45,7 +45,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild
- uses: github/codeql-action/autobuild@v1
+ uses: github/codeql-action/autobuild@v3
 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl
@@ -59,4 +59,4 @@ jobs:
 # make release - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/codeql-analysis2.yml b/.github/workflows/codeql-analysis2.yml
index 671411967913..7078799be0c3 100644
--- a/.github/workflows/codeql-analysis2.yml
+++ b/.github/workflows/codeql-analysis2.yml
@@ -34,7 +34,7 @@ jobs:
 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@v3
 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file.
@@ -45,7 +45,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild
- uses: github/codeql-action/autobuild@v1
+ uses: github/codeql-action/autobuild@v3
 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl
@@ -59,4 +59,4 @@ jobs:
 # make release - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/codescan-analysis.yml b/.github/workflows/codescan-analysis.yml
index edfd2f2d8f30..1a76e0f81ced 100644
--- a/.github/workflows/codescan-analysis.yml
+++ b/.github/workflows/codescan-analysis.yml
@@ -30,6 +30,6 @@ jobs:
 organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with: sarif_file: codescan.sarif
diff --git a/.github/workflows/fortify-analysis.yml b/.github/workflows/fortify-analysis.yml
index f8c56c1527a0..cff6ad7d55ca 100644
--- a/.github/workflows/fortify-analysis.yml
+++ b/.github/workflows/fortify-analysis.yml
@@ -90,6 +90,6 @@ jobs:
 # Import Fortify on Demand results to GitHub Security Code Scanning - name: Import Results
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with: sarif_file: ./sarif/output.sarif
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
index 86a27acd2a98..b71471e3a0c2 100644
--- a/.github/workflows/ossar-analysis.yml
+++ b/.github/workflows/ossar-analysis.yml
@@ -44,6 +44,6 @@ jobs:
 # Upload results to the Security tab - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml
index 5a97689c6fe2..3e2b8284c4f8 100644
--- a/.github/workflows/shiftleft-analysis.yml
+++ b/.github/workflows/shiftleft-analysis.yml
@@ -31,6 +31,6 @@ jobs:
 # type: python - name: Upload report
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with: sarif_file: reports
diff --git a/.github/workflows/veracode-analysis.yml b/.github/workflows/veracode-analysis.yml
index 395f8316c991..11edd8955752 100644
--- a/.github/workflows/veracode-analysis.yml
+++ b/.github/workflows/veracode-analysis.yml
@@ -54,7 +54,7 @@ jobs:
 uses: veracode/veracode-pipeline-scan-results-to-sarif@master with: pipeline-results-json: results.json
- - uses: github/codeql-action/upload-sarif@v1
+ - uses: github/codeql-action/upload-sarif@v3
 with: # Path to SARIF file relative to the root of the repository sarif_file: veracode-results.sarif
diff --git a/.github/workflows/xanitizer-analysis.yml b/.github/workflows/xanitizer-analysis.yml
index a714b859c76e..4033e89867a8 100644
--- a/.github/workflows/xanitizer-analysis.yml
+++ b/.github/workflows/xanitizer-analysis.yml
@@ -81,6 +81,6 @@ jobs:
 *-Findings-List.sarif # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v1
+ - uses: github/codeql-action/upload-sarif@v3
 with: sarif_file: Xanitizer-Findings-List.sarif