diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 96af581d50..ff404c8261 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -252,7 +252,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: DEV - Update ${{ needs.build.outputs.release_tag }} tag
- uses: richardsimko/update-tag@v1.0.7
+ uses: richardsimko/update-tag@v1
 if: needs.build.outputs.do_dev_release
 with:
 tag_name: ${{ needs.build.outputs.release_tag }}
diff --git a/.github/workflows/fortify-analysis.yml b/.github/workflows/fortify-analysis.yml
index 7b70da0647..b90ebf76fe 100644
--- a/.github/workflows/fortify-analysis.yml
+++ b/.github/workflows/fortify-analysis.yml
@@ -39,7 +39,7 @@ jobs:
 steps:
 # Check out source code
 - name: Check Out Source Code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 with:
 ref: develop
@@ -70,7 +70,7 @@ jobs:
 # Credentials and release ID should be obtained from your FoD tenant (either Personal Access Token or API Key can be used).
 # Automated Audit preference should be configured for the release's Static Scan Settings in the Fortify on Demand portal.
 - name: Download Fortify on Demand Universal CI Tool
- uses: fortify/gha-setup-fod-uploader@6e6bb8a33cb476e240929fa8ebc739ff110e7433
+ uses: fortify/gha-setup-fod-uploader@v1
 - name: Perform SAST Scan
 run: java -jar $FOD_UPLOAD_JAR -z package.zip -aurl $FOD_API_URL -purl $FOD_URL -rid "$FOD_RELEASE_ID" -tc "$FOD_TENANT" -uc "$FOD_USER" "$FOD_PAT" $FOD_UPLOADER_OPTS -n "$FOD_UPLOADER_NOTES"
 env:
@@ -85,7 +85,7 @@ jobs:
 # Once scan completes, pull SAST issues from Fortify on Demand and generate SARIF output.
 - name: Export results to GitHub-optimized SARIF
- uses: fortify/gha-export-vulnerabilities@fcb374411cff9809028c911dabb8b57dbdae623b
+ uses: fortify/gha-export-vulnerabilities@v1
 with:
 fod_base_url: "https://ams.fortify.com/"
 fod_tenant: ${{ secrets.OSS_FOD_TENANT }}
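Review bot: In fortify-analysis.yml the `uses:` lines for `fortify/gha-setup-fod-uploader` (hunk at -70) and `fortify/gha-export-vulnerabilities` (hunk at -85) go from a full commit SHA to the mutable `@v1` tag, which removes the only immutable pin on third-party code in a job that handles the FoD credentials (`$FOD_PAT` in the following `run` step, `secrets.OSS_FOD_TENANT` in `with:`). A tag can be re-pointed upstream, so the code this workflow executes can change with no diff in this repository. If the aim is to pick up a newer release, pin the commit that `v1` currently resolves to and keep the tag as a trailing comment, e.g. `uses: fortify/gha-setup-fod-uploader@<full-commit-sha-of-v1>  # v1`, and let Dependabot or Renovate propose later bumps. The ci.yml hunk has the same direction of change: `richardsimko/update-tag@v1.0.7` becomes the floating `@v1` on a step that rewrites a release tag. The job-level `permissions` and the rest of each job are outside the hunks, so the token scope these actions receive should be confirmed there.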