Upload-Sarif: Update all workflows to use Upload-Sarif V3

actions · Jul 25, 2024 · 763a1a6 · 763a1a6
1 parent 889ae22
commit 763a1a6
Show file tree

Hide file tree

Showing 53 changed files with 53 additions and 53 deletions.
diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml
@@ -43,6 +43,6 @@ jobs:
         fail-build: true
         severity-cutoff: critical
     - name: Upload vulnerability report
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml
@@ -66,6 +66,6 @@ jobs:
           # The name of the sarif format result file The file is written only if this property is provided.
           sarif-result-file: "apisec-results.sarif"
        - name: Import results
-         uses: github/codeql-action/upload-sarif@v2
+         uses: github/codeql-action/upload-sarif@v3
          with:
           sarif_file: ./apisec-results.sarif
diff --git a/code-scanning/bearer.yml b/code-scanning/bearer.yml
@@ -38,6 +38,6 @@ jobs:
           exit-code: 0
       # Upload SARIF file generated in previous step
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml
@@ -53,6 +53,6 @@ jobs:
 
     # Upload the SARIF file generated in the previous step
     - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: output.sarif.json
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
@@ -49,7 +49,7 @@ jobs:
           cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
           additional_params: --report-format sarif --output-path .
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: cx_result.sarif
diff --git a/code-scanning/checkmarx.yml b/code-scanning/checkmarx.yml
@@ -50,6 +50,6 @@ jobs:
         params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filter-severity --cx-flow.filter-category --checkmarx.disable-clubbing=true --repo-url=${{ github.event.repository.url }}
     # Upload the Report for CodeQL/Security Alerts
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: cx.sarif
diff --git a/code-scanning/clj-holmes.yml b/code-scanning/clj-holmes.yml
@@ -38,7 +38,7 @@ jobs:
           fail-on-result: 'false'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/clj-watson.yml b/code-scanning/clj-watson.yml
@@ -48,7 +48,7 @@ jobs:
           fail-on-result: false
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{github.workspace}}/clj-watson-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml
@@ -50,7 +50,7 @@ jobs:
           cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         # Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
         # is needed to ensure the SARIF file is uploaded
         if: always()

diff --git a/code-scanning/codacy.yml b/code-scanning/codacy.yml
@@ -56,6 +56,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/codescan.yml b/code-scanning/codescan.yml
@@ -44,6 +44,6 @@ jobs:
                     organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
                     projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
             -   name: Upload SARIF file
-                uses: github/codeql-action/upload-sarif@v2
+                uses: github/codeql-action/upload-sarif@v3
                 with:
                     sarif_file: codescan.sarif
diff --git a/code-scanning/contrast-scan.yml b/code-scanning/contrast-scan.yml
@@ -48,6 +48,6 @@ jobs:
         authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
     #Upload the results to GitHub
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output
diff --git a/code-scanning/credo.yml b/code-scanning/credo.yml
@@ -55,7 +55,7 @@ jobs:
       - name: credo-scan
         run: mix credo --format=sarif > credo_output.sarif
       - name: upload sarif
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: credo_output.sarif
diff --git a/code-scanning/datree.yml b/code-scanning/datree.yml
@@ -42,6 +42,6 @@ jobs:
           # Setting a SARIF output will generate a file named "datree.sarif" containing your test results
           cliArguments: "-o sarif"
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: datree.sarif
diff --git a/code-scanning/defender-for-devops.yml b/code-scanning/defender-for-devops.yml
@@ -42,6 +42,6 @@ jobs:
       uses: microsoft/[email protected]
       id: msdo
     - name: Upload results to Security tab
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml
@@ -111,7 +111,7 @@ jobs:
         )" > ${{ github.workspace }}/detekt.sarif.json
 
     # Uploads results to GitHub repository using the upload-sarif action
-    - uses: github/codeql-action/upload-sarif@v2
+    - uses: github/codeql-action/upload-sarif@v3
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: ${{ github.workspace }}/detekt.sarif.json

diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml
@@ -29,6 +29,6 @@ jobs:
         uses: microsoft/DevSkim-Action@v1
 
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: devskim-results.sarif
diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml
@@ -46,6 +46,6 @@ jobs:
         ci_run: "false"
         sarif_file: findings.sarif
     - name: Upload SARIF to github
-      uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
+      uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
       with:
         sarif_file: findings.sarif
diff --git a/code-scanning/eslint.yml b/code-scanning/eslint.yml
@@ -44,7 +44,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: eslint-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/ethicalcheck.yml b/code-scanning/ethicalcheck.yml
@@ -63,7 +63,7 @@ jobs:
           sarif-result-file: "ethicalcheck-results.sarif"
 
        - name: Upload sarif file to repository
-         uses: github/codeql-action/upload-sarif@v2
+         uses: github/codeql-action/upload-sarif@v3
          with:
           sarif_file: ./ethicalcheck-results.sarif
 
diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml
@@ -33,6 +33,6 @@ jobs:
           output: 'flawfinder_results.sarif'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{github.workspace}}/flawfinder_results.sarif
diff --git a/code-scanning/hadolint.yml b/code-scanning/hadolint.yml
@@ -41,7 +41,7 @@ jobs:
           no-fail: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: hadolint-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml
@@ -36,6 +36,6 @@ jobs:
           exit-code: "0"
 
       - name: Upload Kubesec scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: kubesec-results.sarif
diff --git a/code-scanning/lintr.yml b/code-scanning/lintr.yml
@@ -49,7 +49,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: lintr-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml
@@ -61,6 +61,6 @@ jobs:
           sarif-report: mapi.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: mapi.sarif
diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml
@@ -38,6 +38,6 @@ jobs:
           args: . --sarif --output results.sarif || true
 
       - name: Upload mobsfscan report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml
@@ -54,7 +54,7 @@ jobs:
 
       # Upload SARIF file to GitHub Code Scanning Alerts
       - name: Upload SARIF to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{ steps.run-analysis.outputs.sarif }}
 

diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml
@@ -37,6 +37,6 @@ jobs:
       with:
         args: '. --sarif --output results.sarif || true'
     - name: Upload njsscan report
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: results.sarif
diff --git a/code-scanning/nowsecure.yml b/code-scanning/nowsecure.yml
@@ -47,6 +47,6 @@ jobs:
           group_id: {{ groupId }}                 # Update this to your desired Platform group ID
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: NowSecure.sarif
diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml
@@ -51,6 +51,6 @@ jobs:
 
       # Upload results to the Security tab
     - name: Upload OSSAR results
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/code-scanning/phpmd.yml b/code-scanning/phpmd.yml
@@ -51,7 +51,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: phpmd-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/pmd.yml b/code-scanning/pmd.yml
@@ -38,6 +38,6 @@ jobs:
           sourcePath: 'src/main/java'
           analyzeModifiedFilesOnly: false
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: pmd-report.sarif
diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml
@@ -44,6 +44,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/prisma.yml b/code-scanning/prisma.yml
@@ -49,7 +49,7 @@ jobs:
           # The service need to know the type of IaC being scanned
           template_type: 'CFT'
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         # Results are generated only on a success or failure
         # this is required since GitHub by default won't run the next step
         # when the previous one has failed.

diff --git a/code-scanning/psalm.yml b/code-scanning/psalm.yml
@@ -33,6 +33,6 @@ jobs:
         uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
 
       - name: Upload Security Analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml
@@ -49,7 +49,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: puppet-lint-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml
@@ -47,6 +47,6 @@ jobs:
         "
 
     - name: Upload Sarif output
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: rubocop.sarif
diff --git a/code-scanning/rust-clippy.yml b/code-scanning/rust-clippy.yml
@@ -49,7 +49,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: rust-clippy-results.sarif
           wait-for-processing: true
diff --git a/code-scanning/scorecard.yml b/code-scanning/scorecard.yml
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/securitycodescan.yml b/code-scanning/securitycodescan.yml
@@ -38,4 +38,4 @@ jobs:
         uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
 
       - name: Upload sarif
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml
@@ -43,7 +43,7 @@ jobs:
 
       # Upload SARIF file generated in previous step
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: semgrep.sarif
         if: always()
diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml
@@ -50,6 +50,6 @@ jobs:
         image: your/image-to-test
         args: --file=Dockerfile
     - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: snyk.sarif
diff --git a/code-scanning/snyk-infrastructure.yml b/code-scanning/snyk-infrastructure.yml
@@ -49,6 +49,6 @@ jobs:
           # or `main.tf` for a Terraform configuration file
           file: your-file-to-test.yaml
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: snyk.sarif
diff --git a/code-scanning/snyk-security.yml b/code-scanning/snyk-security.yml
@@ -74,6 +74,6 @@ jobs:
 
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: snyk-code.sarif
diff --git a/code-scanning/sobelow.yml b/code-scanning/sobelow.yml
@@ -36,6 +36,6 @@ jobs:
       - id: run-action
         uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
       - name: Upload report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml
@@ -71,7 +71,7 @@ jobs:
 
     - name: Upload SARIF file
       if: ${{steps.prescription.outputs.sastScan == 'true' }}
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: workflowengine-results.sarif.json
diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml
@@ -55,7 +55,7 @@ jobs:
         # Sysdig inline scanner requires privileged rights
         run-as-user: root
 
-    - uses: github/codeql-action/upload-sarif@v2
+    - uses: github/codeql-action/upload-sarif@v3
       #Upload SARIF file
       if: always()
       with: