Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the github-actions group with 3 updates #30

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the github-actions group with 3 updates #30

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions .github/workflows/research-vuln-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
with:
image-ref: '${{ vars.GREENBONE_REGISTRY }}/opensight/opensight-postgres:16'
format: 'template'
Expand All @@ -36,7 +36,7 @@ jobs:
TRIVY_PASSWORD: ${{ secrets.GREENBONE_REGISTRY_READ_TOKEN }}

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
with:
sarif_file: 'trivy-results.sarif'
category: ${{ github.jobs[github.job].name }}
Expand All @@ -60,15 +60,15 @@ jobs:
password: ${{ secrets.GREENBONE_REGISTRY_READ_TOKEN }}

- name: Run the Anchore Grype scan action
uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7
uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65
id: grype
with:
image: '${{ vars.GREENBONE_REGISTRY }}/opensight/opensight-postgres:16'
fail-build: false
severity-cutoff: medium

- name: Upload grype vulnerability report
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
with:
sarif_file: ${{ steps.grype.outputs.sarif }}
category: ${{ github.jobs[github.job].name }}
Expand Down Expand Up @@ -108,7 +108,7 @@ jobs:
- name: Upload docker scout SARIF result
id: upload-sarif
if: ${{ github.event_name != 'pull_request_target' }}
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
with:
sarif_file: sarif.output.json
category: ${{ github.jobs[github.job].name }}
Loading