From 8d8c6f77d6d743a4b096c8b5b1eee8467552de77 Mon Sep 17 00:00:00 2001 From: Thomas Boop Date: Thu, 31 Mar 2022 08:24:35 -0400 Subject: [PATCH] update to v2 --- code-scanning/anchore.yml | 2 +- code-scanning/apisec-scan.yml | 2 +- code-scanning/brakeman.yml | 2 +- code-scanning/checkmarx.yml | 2 +- code-scanning/cloudrail.yml | 2 +- code-scanning/codacy.yml | 2 +- code-scanning/codeql.yml | 6 +++--- code-scanning/codescan.yml | 2 +- code-scanning/detekt.yml | 2 +- code-scanning/devskim.yml | 2 +- code-scanning/flawfinder.yml | 2 +- code-scanning/fortify.yml | 2 +- code-scanning/kubesec.yml | 2 +- code-scanning/mayhem-for-api.yml | 2 +- code-scanning/mobsf.yml | 2 +- code-scanning/msvc.yml | 2 +- code-scanning/njsscan.yml | 2 +- code-scanning/nowsecure.yml | 2 +- code-scanning/ossar.yml | 2 +- code-scanning/pmd.yml | 2 +- code-scanning/powershell.yml | 2 +- code-scanning/prisma.yml | 2 +- code-scanning/rubocop.yml | 2 +- code-scanning/securitycodescan.yml | 2 +- code-scanning/semgrep.yml | 2 +- code-scanning/shiftleft.yml | 2 +- code-scanning/snyk-container.yml | 2 +- code-scanning/snyk-infrastructure.yml | 2 +- code-scanning/synopsys-io.yml | 2 +- code-scanning/sysdig-scan.yml | 2 +- code-scanning/tfsec.yml | 2 +- code-scanning/trivy.yml | 2 +- code-scanning/veracode.yml | 2 +- code-scanning/xanitizer.yml | 2 +- 34 files changed, 36 insertions(+), 36 deletions(-) diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml index fcca708e99..66dd09f4f9 100644 --- a/code-scanning/anchore.yml +++ b/code-scanning/anchore.yml @@ -40,6 +40,6 @@ jobs: image: "localbuild/testimage:latest" acs-report-enable: true - name: Upload Anchore Scan Report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml index 4737d0605f..5a9b75138d 100644 --- a/code-scanning/apisec-scan.yml +++ b/code-scanning/apisec-scan.yml @@ -64,6 +64,6 @@ jobs: # The name of the sarif format result file The file is written only if this property is provided. sarif-result-file: "apisec-results.sarif" - name: Import results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ./apisec-results.sarif diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index d0b25ac9a3..f54f6e73fd 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -52,6 +52,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: output.sarif.json diff --git a/code-scanning/checkmarx.yml b/code-scanning/checkmarx.yml index d012bce5c8..dc96cde2ee 100644 --- a/code-scanning/checkmarx.yml +++ b/code-scanning/checkmarx.yml @@ -49,6 +49,6 @@ jobs: params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory # Upload the Report for CodeQL/Security Alerts - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: cx.sarif diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml index 00e270ad57..dd70bdf62c 100644 --- a/code-scanning/cloudrail.yml +++ b/code-scanning/cloudrail.yml @@ -50,7 +50,7 @@ jobs: cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 # Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always() # is needed to ensure the SARIF file is uploaded if: always() diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml index 4892930921..6b0df9ecd3 100644 --- a/code-scanning/codacy.yml +++ b/code-scanning/codacy.yml @@ -55,6 +55,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index 57b4b69ad9..07b48e7f50 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/code-scanning/codescan.yml b/code-scanning/codescan.yml index 5886843a56..b87586c16e 100644 --- a/code-scanning/codescan.yml +++ b/code-scanning/codescan.yml @@ -37,6 +37,6 @@ jobs: organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }} projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: codescan.sarif diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml index a8610c32c4..505e31a188 100644 --- a/code-scanning/detekt.yml +++ b/code-scanning/detekt.yml @@ -111,7 +111,7 @@ jobs: )" > ${{ github.workspace }}/detekt.sarif.json # Uploads results to GitHub repository using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: ${{ github.workspace }}/detekt.sarif.json diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 3a5c45fb59..a4354487f4 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -29,6 +29,6 @@ jobs: uses: microsoft/DevSkim-Action@v1 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: devskim-results.sarif diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index 080953ea17..179d56ffa0 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -33,6 +33,6 @@ jobs: output: 'flawfinder_results.sarif' - name: Upload analysis results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file diff --git a/code-scanning/fortify.yml b/code-scanning/fortify.yml index d67d194897..1d37bc0691 100644 --- a/code-scanning/fortify.yml +++ b/code-scanning/fortify.yml @@ -92,6 +92,6 @@ jobs: # Import Fortify on Demand results to GitHub Security Code Scanning - name: Import Results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ./gh-fortify-sast.sarif diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 1cad70cba8..ac7085e984 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -36,6 +36,6 @@ jobs: exit-code: "0" - name: Upload Kubesec scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: kubesec-results.sarif \ No newline at end of file diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml index 59d66a003e..94bdc4afb3 100644 --- a/code-scanning/mayhem-for-api.yml +++ b/code-scanning/mayhem-for-api.yml @@ -61,6 +61,6 @@ jobs: sarif-report: mapi.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: mapi.sarif diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml index d8eaa9246b..03aec536f6 100644 --- a/code-scanning/mobsf.yml +++ b/code-scanning/mobsf.yml @@ -37,6 +37,6 @@ jobs: args: . --sarif --output results.sarif || true - name: Upload mobsfscan report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml index 0abb40937c..078399f50b 100644 --- a/code-scanning/msvc.yml +++ b/code-scanning/msvc.yml @@ -53,7 +53,7 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml index a6da087b9b..421aa31ab4 100644 --- a/code-scanning/njsscan.yml +++ b/code-scanning/njsscan.yml @@ -36,6 +36,6 @@ jobs: with: args: '. --sarif --output results.sarif || true' - name: Upload njsscan report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/nowsecure.yml b/code-scanning/nowsecure.yml index 92126bdfde..161c78644c 100644 --- a/code-scanning/nowsecure.yml +++ b/code-scanning/nowsecure.yml @@ -47,6 +47,6 @@ jobs: group_id: {{ groupId }} # Update this to your desired Platform group ID - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: NowSecure.sarif diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml index b5aefa4b59..b3d5b39094 100644 --- a/code-scanning/ossar.yml +++ b/code-scanning/ossar.yml @@ -44,6 +44,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/code-scanning/pmd.yml b/code-scanning/pmd.yml index 06047344f7..e4702d8239 100644 --- a/code-scanning/pmd.yml +++ b/code-scanning/pmd.yml @@ -31,6 +31,6 @@ jobs: sourcePath: 'src/main/java' analyzeModifiedFilesOnly: false - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: pmd-report.sarif diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml index dfbf452e2b..5252cf01e4 100644 --- a/code-scanning/powershell.yml +++ b/code-scanning/powershell.yml @@ -37,6 +37,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml index 5b1148202e..729cbac980 100644 --- a/code-scanning/prisma.yml +++ b/code-scanning/prisma.yml @@ -48,7 +48,7 @@ jobs: # The service need to know the type of IaC being scanned template_type: 'CFT' - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 # Results are generated only on a success or failure # this is required since GitHub by default won't run the next step # when the previous one has failed. diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index 373d5b689d..8f32c738f0 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -47,6 +47,6 @@ jobs: " - name: Upload Sarif output - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: rubocop.sarif diff --git a/code-scanning/securitycodescan.yml b/code-scanning/securitycodescan.yml index 3063c7ad7e..471c216230 100644 --- a/code-scanning/securitycodescan.yml +++ b/code-scanning/securitycodescan.yml @@ -38,4 +38,4 @@ jobs: uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687 - name: Upload sarif - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml index f99d441f78..f88ad21b69 100644 --- a/code-scanning/semgrep.yml +++ b/code-scanning/semgrep.yml @@ -42,7 +42,7 @@ jobs: # Upload SARIF file generated in previous step - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: semgrep.sarif if: always() diff --git a/code-scanning/shiftleft.yml b/code-scanning/shiftleft.yml index 48b86d3d96..552bc99713 100644 --- a/code-scanning/shiftleft.yml +++ b/code-scanning/shiftleft.yml @@ -42,6 +42,6 @@ jobs: # type: python - name: Upload report - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: reports diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml index 8ff2c9a4b8..d0a95bf66b 100644 --- a/code-scanning/snyk-container.yml +++ b/code-scanning/snyk-container.yml @@ -43,6 +43,6 @@ jobs: image: your/image-to-test args: --file=Dockerfile - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif diff --git a/code-scanning/snyk-infrastructure.yml b/code-scanning/snyk-infrastructure.yml index b79bf340e4..ee4723dc3f 100644 --- a/code-scanning/snyk-infrastructure.yml +++ b/code-scanning/snyk-infrastructure.yml @@ -42,6 +42,6 @@ jobs: # or `main.tf` for a Terraform configuration file file: your-file-to-test.yaml - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml index 0c1ff16a3a..e32030371a 100644 --- a/code-scanning/synopsys-io.yml +++ b/code-scanning/synopsys-io.yml @@ -71,7 +71,7 @@ jobs: - name: Upload SARIF file if: ${{steps.prescription.outputs.sastScan == 'true' }} - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: workflowengine-results.sarif.json diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml index f9b29fc5ea..0b5af83595 100644 --- a/code-scanning/sysdig-scan.yml +++ b/code-scanning/sysdig-scan.yml @@ -54,7 +54,7 @@ jobs: # Sysdig inline scanner requires privileged rights run-as-user: root - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 #Upload SARIF file if: always() with: diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml index 479f713c96..275bf453cc 100644 --- a/code-scanning/tfsec.yml +++ b/code-scanning/tfsec.yml @@ -32,7 +32,7 @@ jobs: sarif_file: tfsec.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: tfsec.sarif diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml index 3d5373f22c..3bb0b1c8e9 100644 --- a/code-scanning/trivy.yml +++ b/code-scanning/trivy.yml @@ -42,6 +42,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' diff --git a/code-scanning/veracode.yml b/code-scanning/veracode.yml index 073d1b6b99..c7645511ac 100644 --- a/code-scanning/veracode.yml +++ b/code-scanning/veracode.yml @@ -51,7 +51,7 @@ jobs: uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be with: pipeline-results-json: results.json - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: veracode-results.sarif diff --git a/code-scanning/xanitizer.yml b/code-scanning/xanitizer.yml index dc3c9ceed3..ec0019a2ff 100644 --- a/code-scanning/xanitizer.yml +++ b/code-scanning/xanitizer.yml @@ -87,6 +87,6 @@ jobs: *-Findings-List.sarif # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action - - uses: github/codeql-action/upload-sarif@v1 + - uses: github/codeql-action/upload-sarif@v2 with: sarif_file: Xanitizer-Findings-List.sarif