Skip to content

Comments

test sarif#354

Open
suzuki-shunsuke wants to merge 7 commits intomainfrom
test-reviewdog-sarif
Open

test sarif#354
suzuki-shunsuke wants to merge 7 commits intomainfrom
test-reviewdog-sarif

Conversation

@suzuki-shunsuke
Copy link
Collaborator

@suzuki-shunsuke suzuki-shunsuke commented Dec 27, 2025
edited
Loading

hello

github-actions[bot]
github-actions bot reviewed Dec 27, 2025
View reviewed changes
.github/workflows/test.yaml
- run: echo "$PAYLOAD"
env:
PAYLOAD: ${{ toJson(github.event) }}
- uses: actions/checkout@v4
Copy link
Contributor

@github-actions github-actions bot Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ [pinact] reported by reviewdog 🐶
Action should be pinned: - uses: actions/checkout@v4 -> - uses: actions/checkout@34e1148 # v4.3.1

.github/workflows/test.yaml
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: aquaproj/aqua-installer@v4.0.4
Copy link
Contributor

@github-actions github-actions bot Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ [pinact] reported by reviewdog 🐶
Action should be pinned: - uses: aquaproj/aqua-installer@v4.0.4 -> - uses: aquaproj/aqua-installer@11dd79b # v4.0.4

@github-advanced-security
Copy link

github-advanced-security bot commented Dec 27, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 27, 2025
View reviewed changes
.github/workflows/test.yaml
- run: echo "$PAYLOAD"
env:
PAYLOAD: ${{ toJson(github.event) }}
- uses: actions/checkout@v4

Check warning

Code scanning / pinact

GitHub Action is not pinned to a commit SHA Warning test

Action should be pinned: - uses: actions/checkout@v4 -> - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
.github/workflows/test.yaml
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: aquaproj/aqua-installer@v4.0.4

Check warning

Code scanning / pinact

GitHub Action is not pinned to a commit SHA Warning test

Action should be pinned: - uses: aquaproj/aqua-installer@v4.0.4 -> - uses: aquaproj/aqua-installer@11dd79b4e498d471a9385aa9fb7f62bb5f52a73c # v4.0.4
.github/workflows/test.yaml
# pinact run --diff --format sarif |
# reviewdog -f sarif -name pinact -reporter github-pr-review -level warning -fail-level warning
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v4

Check warning

Code scanning / pinact

GitHub Action is not pinned to a commit SHA Warning test

Action should be pinned: uses: github/codeql-action/upload-sarif@v4 -> uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
@suzuki-shunsuke
Copy link
Collaborator Author

suzuki-shunsuke commented Dec 30, 2025

hello

@suzuki-shunsuke suzuki-shunsuke added the enhancement New feature or request label Dec 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@suzuki-shunsuke