Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update: bump the gh-actions-packages group across 1 directory with 7 updates #294

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 25, 2024

Bumps the gh-actions-packages group with 7 updates in the / directory:

Package From To
actions/checkout 4.1.6 4.1.7
snok/container-retention-policy 2.2.1 3.0.0
github/codeql-action 3.25.6 3.25.10
actions/dependency-review-action 4.3.2 4.3.3
bridgecrewio/checkov-action 12.2762.0 12.2787.0
docker/build-push-action 5.3.0 6.1.0
mikepenz/action-junit-report 4.2.1 4.3.1

Updates actions/checkout from 4.1.6 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.1.6...v4.1.7

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

... (truncated)

Commits

Updates snok/container-retention-policy from 2.2.1 to 3.0.0

Release notes

Sourced from snok/container-retention-policy's releases.

v3.0.0

Disclaimer: This release breaks the API of the action to a large degree. It might be wise to run the action with dry-run: true after upgrading.

This release is a complete rewrite of the action, tackling most if not all open issues in the issue tracker. Some of the highlights include:

  • Simplifying and consolidating the inputs of the action
  • Improving the runtime performance, and the initialization time of the action in CI
  • Support for multi-platform packages
  • Support for new token types (secrets.GITHUB_TOKEN and Github app tokens)
  • Much better handling of GitHub API rate limits

💥 There are a lot of breaking changes, so we've included a migration guide at the bottom of this post, to make things a bit simpler.

Since the release introduces a few thousand lines of code, we expect there may be a few things left to iron out. If you run into any problems, please share them in the v3 release issue.


In addition to what's mentioned above, other new features and changes include:

  • Significant effort has been spent on improving the logging, to give better insights into what exactly is happening
  • Updated license from BSD-3 to MIT.
  • The available syntax for image-names and image-tags previously allowed wildcards (using the * character). We now also allow the ? character to express a single-character wildcard. For example, the pattern ca? will match car and cat. See the wildmatch docs for details.

In addition to changing the inputs of the action (more details below), there are a few other breaking changes:

  • We'll no longer maintain mutable major and minor version tags for the action. There will be no v3 target for the action, just v3.0.0 and other exact versions. Mutable major version tags are generally hard to maintain and not much safer than tracking the main branch, so more precise tag tracking should reduce the likelihood of broken runs going forward. Paired with dependabot, upgrading should not be much harder than it has been.
  • The needs-assistance output was deleted

And in terms of performance improvements:

  • The action has been rewritten from a composite action to a container action, and the total size of the new image is < 10Mi.
  • The action would previously take ~30 seconds to initialize and would require a Python runtime. The action now starts in less than a second, and runs as a standalone binary.
  • The runtime of the action has been reduced, and assuming we need to delete less than 180 package versions, the action completes in, at most, a few seconds. See this example of a recent run. When we have to delete more than 180 package versions, there's a minute of waiting for every 180 new package versions, as a consequence of GitHub's secondary API rate limits. See the new README for details.

Migration guide

  • The account-type and org-name inputs have been replaced with account, which should be set to the literal string "user" if you previously used account-type: personal and to the organization name otherwise:

    - account-type: personal
    + account: user

    or

    - account-type: organization
    - org-name: acme
    + account: acme

... (truncated)

Commits
  • 4f22ef8 fix: Correct oauth scope check
  • def81c2 fix(ci): Use input version tag when building image
  • ab30663 chore: Update docs for release and update action image
  • 7793513 chore(deps): bump docker/build-push-action from 5 to 6
  • 79a0b31 Remove oauth token
  • 851b141 Rewrite the action in Rust
  • 178bc0b chore: Update test workflow to test v3-develop branch
  • e6eea47 fix(workflows): Correct script and run every 3 hours
  • 3bfc979 fix(ci): Revise test dockerfile
  • e66905c refactor(ci): Add variables to reduce clutter
  • Additional commits viewable in compare view

Updates github/codeql-action from 3.25.6 to 3.25.10

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

  • Update default CodeQL bundle version to 2.17.1. #2247
  • Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

... (truncated)

Commits
  • 23acc5c Merge pull request #2337 from github/update-v3.25.10-5bf6dad35
  • 9b72dbd Update changelog for v3.25.10
  • 5bf6dad Merge pull request #2329 from github/henrymercer/csharp-buildless-rollback-me...
  • feec81c Merge branch 'main' into henrymercer/csharp-buildless-rollback-mechanism
  • 789b5f8 Merge pull request #2328 from github/henrymercer/direct-tracing-fix
  • c36b5fc Merge pull request #2327 from github/update-bundle/codeql-bundle-v2.17.5
  • b3642aa Merge branch 'main' into update-bundle/codeql-bundle-v2.17.5
  • 1fc6e20 Merge pull request #2335 from github/mergeback/v3.25.9-to-main-530d4fea
  • 356bee4 Update checked-in dependencies
  • 385808c Update changelog and version after v3.25.9
  • Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.3.2 to 4.3.3

Release notes

Sourced from actions/dependency-review-action's releases.

Notes for v4.3.3

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

Commits

Updates bridgecrewio/checkov-action from 12.2762.0 to 12.2787.0

Commits
  • ebff1eb Bump checkov container version to 3.2.145
  • 4a43ee1 Bump checkov container version to 3.2.144
  • d3328ad Bump checkov container version to 3.2.141
  • 8b9814d Bump checkov container version to 3.2.140
  • 14c88c2 Bump checkov container version to 3.2.139
  • 52f5b59 Bump checkov container version to 3.2.138
  • 2d2a17c Bump checkov container version to 3.2.137
  • 5ec4b94 Bump checkov container version to 3.2.136
  • 21f06df Bump checkov container version to 3.2.135
  • 14850e6 Bump checkov container version to 3.2.134
  • Additional commits viewable in compare view

Updates docker/build-push-action from 5.3.0 to 6.1.0

Release notes

Sourced from docker/build-push-action's releases.

v6.1.0

Full Changelog: docker/build-push-action@v6.0.2...v6.1.0

v6.0.2

Full Changelog: docker/build-push-action@v6.0.1...v6.0.2

v6.0.1

Full Changelog: docker/build-push-action@v6.0.0...v6.0.1

v6.0.0

[!NOTE] This major release adds support for generating Build summary and exporting build record for your build. You can disable this feature by setting DOCKER_BUILD_NO_SUMMARY: true environment variable in your workflow.

Full Changelog: docker/build-push-action@v5.4.0...v6.0.0

v5.4.0

Full Changelog: docker/build-push-action@v5.3.0...v5.4.0

Commits
  • 31159d4 Merge pull request #1149 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 07e1c3e chore: update generated content
  • f7febd6 chore(deps): Bump @​docker/actions-toolkit from 0.26.2 to 0.27.0
  • f6010ea Merge pull request #1147 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • c0a6b96 chore: update generated content
  • 0dfe9c3 chore(deps): Bump @​docker/actions-toolkit from 0.26.1 to 0.26.2
  • 94f8f8c Merge pull request #1142 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 22f4433 chore: update generated content
  • 6721c56 chore(deps): Bump @​docker/actions-toolkit from 0.26.0 to 0.26.1
  • 4367da9 Merge pull request #1140 from docker/dependabot/github_actions/docker/bake-ac...
  • Additional commits viewable in compare view

Updates mikepenz/action-junit-report from 4.2.1 to 4.3.1

Release notes

Sourced from mikepenz/action-junit-report's releases.

v4.3.1

🐛 Fixes

  • Revert optimisation to skip processing of scucessful tests

v4.3.0

[!CAUTION] This version has a bug resulting in passed annotations not being created. Use v4.3.1 (or newer) instead See the report here: mikepenz/action-junit-report#1121

🚀 Features

  • Improve performance of action's processing

📦 Dependencies

  • Dependency Upgrades

v4.2.2

🚀 Features

📦 Dependencies

  • Dependency upgrades
Commits
  • db71d41 Merge pull request #1122 from mikepenz/fix/1121
  • 2d70fb2 - revert testcase
  • c4cd1de - revert annotation optimisation (Skip processing of successful tests if `inc...
  • eb1a2b2 Merge pull request #1111 from mikepenz/feature/dependency_updates_20240620
  • 71ce529 ```
  • d8a34d8 Merge branch 'refs/heads/GUI-perf'
  • 8aa8974 - slight enhancement
  • a0437c7 Skip processing of successful tests if include_passed is not enabled.
  • 1ba5f45 Improve performance by caching repeated file glob results.
  • ac30be7 Merge pull request #1101 from mikepenz/feature/dependency_updates_20240530
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates

Bumps the gh-actions-packages group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.6` | `4.1.7` |
| [snok/container-retention-policy](https://github.com/snok/container-retention-policy) | `2.2.1` | `3.0.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.6` | `3.25.10` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.2` | `4.3.3` |
| [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2762.0` | `12.2787.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `6.1.0` |
| [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `4.2.1` | `4.3.1` |



Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@a5ac7e5...692973e)

Updates `snok/container-retention-policy` from 2.2.1 to 3.0.0
- [Release notes](https://github.com/snok/container-retention-policy/releases)
- [Commits](snok/container-retention-policy@b56f4ff...4f22ef8)

Updates `github/codeql-action` from 3.25.6 to 3.25.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9fdb3e4...23acc5c)

Updates `actions/dependency-review-action` from 4.3.2 to 4.3.3
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@0c155c5...72eb03d)

Updates `bridgecrewio/checkov-action` from 12.2762.0 to 12.2787.0
- [Release notes](https://github.com/bridgecrewio/checkov-action/releases)
- [Commits](bridgecrewio/checkov-action@cbef505...ebff1eb)

Updates `docker/build-push-action` from 5.3.0 to 6.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@2cdde99...31159d4)

Updates `mikepenz/action-junit-report` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/mikepenz/action-junit-report/releases)
- [Commits](mikepenz/action-junit-report@9379f0c...db71d41)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: snok/container-retention-policy
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: bridgecrewio/checkov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
- dependency-name: mikepenz/action-junit-report
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 25, 2024
Copy link

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3132695.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/.reusable-sast.yml

PackageVersionLicenseIssue Type
bridgecrewio/checkov-actionebff1eb63648a05e86b2f15cfe439551a7d70070NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/snok/container-retention-policy 4f22ef80902ad409ed55a99dc5133cc1250a0d03 🟢 5.2
Details
CheckScoreReason
Code-Review🟢 5Found 10/17 approved changesets -- score normalized to 5
Maintained🟢 104 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License⚠️ 0license file not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/snok/container-retention-policy b56f4ff7539c1f94f01e5dc726671cd619aa8072 🟢 5.2
Details
CheckScoreReason
Code-Review🟢 5Found 10/17 approved changesets -- score normalized to 5
Maintained🟢 104 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License⚠️ 0license file not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/dependency-review-action 72eb03d02c7872a771aacd928f3123ac62ad6d3a 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif 23acc5c183826b7a8a97bce3cecc52db901f8251 UnknownUnknown
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/dependency-review-action 0c155c5e8556a497adf53f2c18edabf945ed8e70 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif 9fdb3e49720b44c48891d036bb502feb25684276 UnknownUnknown
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/bridgecrewio/checkov-action ebff1eb63648a05e86b2f15cfe439551a7d70070 UnknownUnknown
actions/github/codeql-action/analyze 23acc5c183826b7a8a97bce3cecc52db901f8251 UnknownUnknown
actions/github/codeql-action/init 23acc5c183826b7a8a97bce3cecc52db901f8251 UnknownUnknown
actions/github/codeql-action/upload-sarif 23acc5c183826b7a8a97bce3cecc52db901f8251 UnknownUnknown
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/bridgecrewio/checkov-action cbef505ba3282486a24541d7c862e19266ad0d96 UnknownUnknown
actions/github/codeql-action/analyze 9fdb3e49720b44c48891d036bb502feb25684276 UnknownUnknown
actions/github/codeql-action/init 9fdb3e49720b44c48891d036bb502feb25684276 UnknownUnknown
actions/github/codeql-action/upload-sarif 9fdb3e49720b44c48891d036bb502feb25684276 UnknownUnknown
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/docker/build-push-action 31159d49c0d4756269a0940a750801a1ea5d7003 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 2/3 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
Fuzzing⚠️ 0project is not fuzzed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
actions/mikepenz/action-junit-report db71d41eb79864e25ab0337e395c352e84523afe 🟢 5.7
Details
CheckScoreReason
Code-Review⚠️ 1Found 2/14 approved changesets -- score normalized to 1
Maintained🟢 1014 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/docker/build-push-action 2cdde995de11925a030ce8070c3d77a52ffcf1c0 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 2/3 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
Fuzzing⚠️ 0project is not fuzzed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
actions/mikepenz/action-junit-report 9379f0ccddcab154835d4e2487555ee79614fe95 🟢 5.7
Details
CheckScoreReason
Code-Review⚠️ 1Found 2/14 approved changesets -- score normalized to 1
Maintained🟢 1014 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 692973e3d937129bcbf40652eb9f2f61becf3332 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout a5ac7e51b41094c92402da3b24376905380afc29 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/.reusable-build.yml
.github/workflows/.reusable-cleanup-registry.yml
.github/workflows/.reusable-compliance.yml
.github/workflows/.reusable-docs.yml
.github/workflows/.reusable-integration-test.yml
.github/workflows/.reusable-sast.yml
.github/workflows/.reusable-sca.yml
.github/workflows/.reusable-unit-test.yml
.github/workflows/semgrep.yml

Copy link

Coverage

Coverage Report
FileStmtsMissCoverMissing
semgr8s
   __main__.py18180%5–32
   app.py81495%117, 177–178, 209
   k8s_api.py22291%43–44
   updater.py29293%49–50
TOTAL2022687% 

Tests Skipped Failures Errors Time
18 0 💤 0 ❌ 0 🔥 2.201s ⏱️

Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 26, 2024

Superseded by #295.

@dependabot dependabot bot closed this Jun 26, 2024
@dependabot dependabot bot deleted the dependabot/github_actions/dev/gh-actions-packages-32919515d2 branch June 26, 2024 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants