diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml index 64264e45a0..6f52d5d68d 100644 --- a/code-scanning/anchore.yml +++ b/code-scanning/anchore.yml @@ -40,6 +40,6 @@ jobs: image: "localbuild/testimage:latest" acs-report-enable: true - name: Upload Anchore Scan Report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml index 4737d0605f..5a9b75138d 100644 --- a/code-scanning/apisec-scan.yml +++ b/code-scanning/apisec-scan.yml @@ -64,6 +64,6 @@ jobs: # The name of the sarif format result file The file is written only if this property is provided. sarif-result-file: "apisec-results.sarif" - name: Import results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ./apisec-results.sarif diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index 3237551deb..155208fc86 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -52,6 +52,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: output.sarif.json diff --git a/code-scanning/checkmarx.yml b/code-scanning/checkmarx.yml index d86d4f9a8a..297cae0d22 100644 --- a/code-scanning/checkmarx.yml +++ b/code-scanning/checkmarx.yml @@ -49,6 +49,6 @@ jobs: params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory # Upload the Report for CodeQL/Security Alerts - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: cx.sarif diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml index 0d6b3de959..4a0cd73c00 100644 --- a/code-scanning/cloudrail.yml +++ b/code-scanning/cloudrail.yml @@ -50,7 +50,7 @@ jobs: cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 # Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always() # is needed to ensure the SARIF file is uploaded if: always() diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml index 8100be89cf..b74e449830 100644 --- a/code-scanning/codacy.yml +++ b/code-scanning/codacy.yml @@ -55,6 +55,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index cd9a68339a..37109ab2fa 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/code-scanning/codescan.yml b/code-scanning/codescan.yml index bc65eb0634..3b24d9f70b 100644 --- a/code-scanning/codescan.yml +++ b/code-scanning/codescan.yml @@ -37,6 +37,6 @@ jobs: organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: codescan.sarif diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml index 1118c3d474..0c65813487 100644 --- a/code-scanning/detekt.yml +++ b/code-scanning/detekt.yml @@ -111,7 +111,7 @@ jobs: )" > ${{ github.workspace }}/detekt.sarif.json # Uploads results to GitHub repository using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: ${{ github.workspace }}/detekt.sarif.json diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index e057348414..bf1126103b 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -29,6 +29,6 @@ jobs: uses: microsoft/DevSkim-Action@v1 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: devskim-results.sarif diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index 697e56150e..4ed8792449 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -33,6 +33,6 @@ jobs: output: 'flawfinder_results.sarif' - name: Upload analysis results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file diff --git a/code-scanning/fortify.yml b/code-scanning/fortify.yml index 83f99c1a02..5e7c4221f9 100644 --- a/code-scanning/fortify.yml +++ b/code-scanning/fortify.yml @@ -93,6 +93,6 @@ jobs: # Import Fortify on Demand results to GitHub Security Code Scanning - name: Import Results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ./gh-fortify-sast.sarif diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 81ebaa792c..c432673224 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -36,6 +36,6 @@ jobs: exit-code: "0" - name: Upload Kubesec scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: kubesec-results.sarif \ No newline at end of file diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml index ed424f1dab..64fe71ab92 100644 --- a/code-scanning/mayhem-for-api.yml +++ b/code-scanning/mayhem-for-api.yml @@ -61,6 +61,6 @@ jobs: sarif-report: mapi.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: mapi.sarif diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml index 96655affea..6d2bfb8dc4 100644 --- a/code-scanning/mobsf.yml +++ b/code-scanning/mobsf.yml @@ -37,6 +37,6 @@ jobs: args: . --sarif --output results.sarif || true - name: Upload mobsfscan report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml index 13e58eff77..863fbcb8e7 100644 --- a/code-scanning/msvc.yml +++ b/code-scanning/msvc.yml @@ -53,7 +53,7 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml index 16ade3b2a3..8c359b8165 100644 --- a/code-scanning/njsscan.yml +++ b/code-scanning/njsscan.yml @@ -36,6 +36,6 @@ jobs: with: args: '. --sarif --output results.sarif || true' - name: Upload njsscan report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/nowsecure.yml b/code-scanning/nowsecure.yml index fbca5379b1..7b5ba8f6a3 100644 --- a/code-scanning/nowsecure.yml +++ b/code-scanning/nowsecure.yml @@ -47,6 +47,6 @@ jobs: group_id: {{ groupId }} # Update this to your desired Platform group ID - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: NowSecure.sarif diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml index a6f6aa7059..01af5af136 100644 --- a/code-scanning/ossar.yml +++ b/code-scanning/ossar.yml @@ -44,6 +44,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/code-scanning/pmd.yml b/code-scanning/pmd.yml index cd88c3430b..0bc512cddf 100644 --- a/code-scanning/pmd.yml +++ b/code-scanning/pmd.yml @@ -31,6 +31,6 @@ jobs: sourcePath: 'src/main/java' analyzeModifiedFilesOnly: false - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: pmd-report.sarif diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml index e70dd96b2d..c50f2686ce 100644 --- a/code-scanning/powershell.yml +++ b/code-scanning/powershell.yml @@ -37,6 +37,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml index 07be948b7d..6f2031b6e1 100644 --- a/code-scanning/prisma.yml +++ b/code-scanning/prisma.yml @@ -48,7 +48,7 @@ jobs: # The service need to know the type of IaC being scanned template_type: 'CFT' - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 # Results are generated only on a success or failure # this is required since GitHub by default won't run the next step # when the previous one has failed. diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index 4ab8001407..ed458b2a53 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -47,6 +47,6 @@ jobs: " - name: Upload Sarif output - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: rubocop.sarif diff --git a/code-scanning/securitycodescan.yml b/code-scanning/securitycodescan.yml index 0b2fa57a6e..b6ee5ad7b8 100644 --- a/code-scanning/securitycodescan.yml +++ b/code-scanning/securitycodescan.yml @@ -38,4 +38,4 @@ jobs: uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687 - name: Upload sarif - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml index 86c3647f5c..fae9885231 100644 --- a/code-scanning/semgrep.yml +++ b/code-scanning/semgrep.yml @@ -42,7 +42,7 @@ jobs: # Upload SARIF file generated in previous step - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: semgrep.sarif if: always() diff --git a/code-scanning/shiftleft.yml b/code-scanning/shiftleft.yml index d1154d16de..b042670b8a 100644 --- a/code-scanning/shiftleft.yml +++ b/code-scanning/shiftleft.yml @@ -42,6 +42,6 @@ jobs: # type: python - name: Upload report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: reports diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml index 48ccbe9fc5..874f43b3ca 100644 --- a/code-scanning/snyk-container.yml +++ b/code-scanning/snyk-container.yml @@ -43,6 +43,6 @@ jobs: image: your/image-to-test args: --file=Dockerfile - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif diff --git a/code-scanning/snyk-infrastructure.yml b/code-scanning/snyk-infrastructure.yml index 2799bfccd5..f4e9b8cd0d 100644 --- a/code-scanning/snyk-infrastructure.yml +++ b/code-scanning/snyk-infrastructure.yml @@ -42,6 +42,6 @@ jobs: # or `main.tf` for a Terraform configuration file file: your-file-to-test.yaml - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml index c73eb173d5..c32334c643 100644 --- a/code-scanning/synopsys-io.yml +++ b/code-scanning/synopsys-io.yml @@ -71,7 +71,7 @@ jobs: - name: Upload SARIF file if: ${{steps.prescription.outputs.sastScan == 'true' }} - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: workflowengine-results.sarif.json diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml index 92082e53a4..f075a8016c 100644 --- a/code-scanning/sysdig-scan.yml +++ b/code-scanning/sysdig-scan.yml @@ -54,7 +54,7 @@ jobs: # Sysdig inline scanner requires privileged rights run-as-user: root - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 #Upload SARIF file if: always() with: diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml index 10a77ab6b2..6536fbefe9 100644 --- a/code-scanning/tfsec.yml +++ b/code-scanning/tfsec.yml @@ -32,7 +32,7 @@ jobs: sarif_file: tfsec.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: tfsec.sarif diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml index d6633bea06..06b5cae517 100644 --- a/code-scanning/trivy.yml +++ b/code-scanning/trivy.yml @@ -42,6 +42,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' diff --git a/code-scanning/veracode.yml b/code-scanning/veracode.yml index 2ce32123fb..b8a5b3796b 100644 --- a/code-scanning/veracode.yml +++ b/code-scanning/veracode.yml @@ -52,7 +52,7 @@ jobs: uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be with: pipeline-results-json: results.json - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: veracode-results.sarif diff --git a/code-scanning/xanitizer.yml b/code-scanning/xanitizer.yml index c20c741c02..48249fcdd2 100644 --- a/code-scanning/xanitizer.yml +++ b/code-scanning/xanitizer.yml @@ -88,6 +88,6 @@ jobs: *-Findings-List.sarif # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: sarif_file: Xanitizer-Findings-List.sarif