diff --git a/.github/workflows/blackduck_scan_scheduled.yaml b/.github/workflows/blackduck_scan_scheduled.yaml index 78ac406..c4ff387 100644 --- a/.github/workflows/blackduck_scan_scheduled.yaml +++ b/.github/workflows/blackduck_scan_scheduled.yaml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v4 - name: Blackduck Full Scan - uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 + uses: blackduck-inc/black-duck-security-scan@6ee400ee2502a366bdff13cddae76bbde804fd20 env: DETECT_PROJECT_USER_GROUPS: opencomponentmodel DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS diff --git a/.github/workflows/mend_scan.yaml b/.github/workflows/mend_scan.yaml index afb5102..a399cb8 100644 --- a/.github/workflows/mend_scan.yaml +++ b/.github/workflows/mend_scan.yaml @@ -41,7 +41,7 @@ jobs: go-version-file: '${{ github.workspace }}/go.mod' - name: 'Setup jq' - uses: dcarbone/install-jq-action@e397bd87438d72198f81efd21f876461183d383a + uses: dcarbone/install-jq-action@f0e10f46ff84f4d32178b4b76e1ef180b16f82c3 with: version: '1.7' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 868de8c..a13c1bc 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -98,11 +98,11 @@ jobs: mkdir -p output kustomize build ./config/default > ./output/install.yaml - name: Setup Syft - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 + uses: anchore/sbom-action/download-syft@9f7302141466aa6482940f15371237e9d9f4c34a # v0.19.0 - name: Setup Cosign - uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e + uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb - name: Run goreleaser - uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf + uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 with: distribution: goreleaser version: latest