Skip to content

build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#237) #105

build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#237)

build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#237) #105

Workflow file for this run

name: POP - poutine on poutine
on:
push:
branches: [ main ]
paths:
- .github/workflows/**
- action.yml
pull_request:
branches: [ main ]
paths:
- .github/workflows/**
- action.yml
- '!README.md'
- '!LICENSE'
- '!docs/**'
- '!.github/**'
permissions: {}
jobs:
pop:
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: audit
allowed-endpoints: >
github.com:443
api.github.com:443
codeload.github.com:443
objects.githubusercontent.com:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: boostsecurityio/poutine-action@main # Dogfood the latest action
name: "Run poutine on poutine's own codebase"
id: self-test
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
with:
sarif_file: results.sarif