diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index c5f492a..89a78b8 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -67,7 +67,7 @@ jobs:
 # - name: Upload Checkov SARIF report
 # if: success() || failure()
- # uses: github/codeql-action/upload-sarif@v3
+ # uses: github/codeql-action/upload-sarif@v4
 # with:
 # sarif_file: results_sarif.sarif
 # wait-for-processing: true
@@ -82,7 +82,7 @@ jobs:
 - name: Upload calibrated Checkov SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: checkov_findings_high_critical.sarif
 wait-for-processing: true
@@ -90,7 +90,7 @@ jobs:
 - name: Upload Terrascan SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: terrascan.sarif
 wait-for-processing: true
@@ -98,7 +98,7 @@ jobs:
 - name: Upload tfsec SARIF report
 if: success() || failure()
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: tfsec.sarif
 wait-for-processing: true
@@ -169,7 +169,7 @@ jobs:
 jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "file://" + .' reports/zap-scan-report.json > reports/zap-scan-report.sarif
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 if: always()
 with:
 sarif_file: reports/zap-scan-report.sarif
@@ -207,7 +207,7 @@ jobs:
 bandit -r python-app -f sarif -o bandit-results.sarif
 - name: Upload SARIF results to GitHub Security
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 if: always() # Upload results whether the scan passed or failed
 with:
 sarif_file: bandit-results.sarif
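Review bot: The five live upload steps (calibrated Checkov in the second hunk, then Terrascan, tfsec, ZAP and Bandit) still reference the action by a mutable major tag, `github/codeql-action/upload-sarif@v4`, so whatever commit that tag points to at run time executes inside jobs that presumably hold `security-events: write`. Since this commit already touches each of those lines, it is a natural place to pin to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v4`, and let Dependabot or Renovate propose later bumps. The commented-out Checkov step in the first hunk is bumped as well; if that step is dead, removing it would avoid carrying a stale reference forward. The jobs' `permissions:` blocks and runner definitions lie outside these hunks, so it is worth confirming there that the token scope is no broader than the upload needs and that any self-hosted runners meet the new major version's runtime requirements.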