diff --git a/.github/workflows/build-id.yaml b/.github/workflows/build-id.yaml index 4e47ca46b5..d5f78fbaeb 100644 --- a/.github/workflows/build-id.yaml +++ b/.github/workflows/build-id.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index ab81c7e893..0ce2159bd3 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit @@ -32,12 +32,12 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 diff --git a/.github/workflows/dep-review.yaml b/.github/workflows/dep-review.yaml index 410542bf24..bb561c6ade 100644 --- a/.github/workflows/dep-review.yaml +++ b/.github/workflows/dep-review.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit diff --git a/.github/workflows/deploy_docs.yaml b/.github/workflows/deploy_docs.yaml index e8afb657a3..5123b729c3 100644 --- a/.github/workflows/deploy_docs.yaml +++ b/.github/workflows/deploy_docs.yaml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit diff --git a/.github/workflows/e2e-build.yaml b/.github/workflows/e2e-build.yaml index 07e31911d9..139af33df4 100644 --- a/.github/workflows/e2e-build.yaml +++ b/.github/workflows/e2e-build.yaml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Set up Go @@ -57,7 +57,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Set up Go @@ -99,7 +99,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Set up Go @@ -141,7 +141,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Set up Go diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 3687ee9704..f3a8b34093 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit @@ -47,7 +47,7 @@ jobs: E2E_TEST: ${{ fromJson(needs.build-e2e-test-list.outputs.e2e-tests) }} steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Check out code into the Go module directory diff --git a/.github/workflows/patch-docs.yaml b/.github/workflows/patch-docs.yaml index 7948995845..8ed58895be 100644 --- a/.github/workflows/patch-docs.yaml +++ b/.github/workflows/patch-docs.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 6614a0f398..a6d4d10065 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 70e1111a6a..019969f521 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit diff --git a/.github/workflows/scan-images.yaml b/.github/workflows/scan-images.yaml index 157be81b71..94bc58487c 100644 --- a/.github/workflows/scan-images.yaml +++ b/.github/workflows/scan-images.yaml @@ -37,7 +37,7 @@ jobs: - {image: eraser-trivy-scanner, build_cmd: docker-build-trivy-scanner, repo_environment_var: TRIVY_SCANNER_REPO} steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit @@ -51,7 +51,7 @@ jobs: make ${{ matrix.data.build_cmd }} VERSION=${{ env.TAG }} ${{ matrix.data.repo_environment_var }}=${{ env.REGISTRY }}/${{ matrix.data.image }} - name: Scan for vulnerabilities - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # 0.21.0 with: image-ref: ${{ env.REGISTRY }}/${{ matrix.data.image }}:${{ env.TAG }} vuln-type: 'os,library' @@ -79,7 +79,7 @@ jobs: image: [remover, eraser-manager, collector, eraser-trivy-scanner] steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit @@ -90,6 +90,6 @@ jobs: merge-multiple: true - name: Upload results to GitHub Security - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.14.4 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v2.14.4 with: sarif_file: ${{ matrix.image }}-results.sarif diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b99aad84ed..904d71b5a0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: egress-policy: audit @@ -66,6 +66,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.2.4 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v2.2.4 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 4a1f41fbd7..672a0b1981 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -45,7 +45,7 @@ jobs: timeout-minutes: 40 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 @@ -87,7 +87,7 @@ jobs: timeout-minutes: 40 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Set up Go @@ -108,7 +108,7 @@ jobs: - name: Unit test run: make test - name: Codecov upload - uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c with: flags: unittests file: ./cover.out @@ -120,7 +120,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit - name: Check out code into the Go module directory @@ -145,7 +145,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 with: egress-policy: audit