From c80d3cb8d7bfabae9f047f6b8ea68792dd2ebcf6 Mon Sep 17 00:00:00 2001
From: Michael Kedar
Date: Wed, 2 Oct 2024 16:16:36 +1000
Subject: [PATCH 1/3] Update actions to use v1.9.0 osv-scanner image
---
 README.md | 2 +-
 osv-reporter-action/action.yml | 2 +-
 osv-scanner-action/action.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index e870350..7c63eca 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # OSV-Scanner CI/CD Action
-[![Release v1.8.5](https://img.shields.io/badge/release-v1.8.5-blue?style=flat)](https://github.com/google/osv-scanner-action/releases)
+[![Release v1.9.0](https://img.shields.io/badge/release-v1.9.0-blue?style=flat)](https://github.com/google/osv-scanner-action/releases)
 The OSV-Scanner CI/CD action leverages the [OSV.dev](https://osv.dev/) database and the [OSV-Scanner](https://google.github.io/osv-scanner/) CLI tool to track and notify you of known vulnerabilities in your dependencies for over 11 [languages and ecosystems](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/).
diff --git a/osv-reporter-action/action.yml b/osv-reporter-action/action.yml
index e7549e7..72f2dd4 100644
--- a/osv-reporter-action/action.yml
+++ b/osv-reporter-action/action.yml
@@ -22,7 +22,7 @@ inputs:
 required: true
 runs:
 using: "docker"
- image: "docker://ghcr.io/google/osv-scanner-action:v1.8.5"
+ image: "docker://ghcr.io/google/osv-scanner-action:v1.9.0"
 entrypoint: /root/osv-reporter
 args:
 - "${{ inputs.scan-args }}"
diff --git a/osv-scanner-action/action.yml b/osv-scanner-action/action.yml
index faa2651..621e133 100644
--- a/osv-scanner-action/action.yml
+++ b/osv-scanner-action/action.yml
@@ -25,6 +25,6 @@ inputs:
 ./
 runs:
 using: "docker"
- image: "docker://ghcr.io/google/osv-scanner-action:v1.8.5"
+ image: "docker://ghcr.io/google/osv-scanner-action:v1.9.0"
 args:
 - ${{ inputs.scan-args }}
From 1748759ebfcc44efbab41fc085665c64558eb9da Mon Sep 17 00:00:00 2001
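Review bot: The `image:` line in osv-reporter-action/action.yml (and the identical line in osv-scanner-action/action.yml) selects the container by tag only, so a caller who pins the action by commit SHA, as the reusable workflows later in this series do, still runs whatever image `v1.9.0` resolves to at pull time. Unless the registry enforces immutable tags (not visible from this patch), pin the digest alongside the tag, e.g. `image: "docker://ghcr.io/google/osv-scanner-action:v1.9.0@sha256:<IMAGE_DIGEST_PLACEHOLDER>"`. Confirm that the runner accepts the tag-plus-digest form for `docker://` references before merging. The `inputs:` mapping above `runs:` starts outside both hunks, and `runs:` may continue past the end of each.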
From: Michael Kedar
Date: Wed, 2 Oct 2024 16:16:36 +1000
Subject: [PATCH 2/3] Update reusable workflows to point to v1.9.0 actions
---
 .github/workflows/osv-scanner-reusable-pr.yml | 6 +++---
 .github/workflows/osv-scanner-reusable.yml | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
index b9c8f31..719e8ef 100644
--- a/.github/workflows/osv-scanner-reusable-pr.yml
+++ b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -56,7 +56,7 @@ jobs:
 - name: "Checkout target branch"
 run: git checkout $GITHUB_BASE_REF
 - name: "Run scanner on existing code"
- uses: google/osv-scanner-action/osv-scanner-action@c8774f9a566b87da6d60dc699730b268382bcd4e # v1.8.5
+ uses: google/osv-scanner-action/osv-scanner-action@c80d3cb8d7bfabae9f047f6b8ea68792dd2ebcf6 # v1.9.0
 continue-on-error: true
 with:
 scan-args: |-
@@ -67,7 +67,7 @@ jobs:
 # Use -f in case any changes were made by osv-scanner (there should be no changes)
 run: git checkout -f $GITHUB_SHA
 - name: "Run scanner on new code"
- uses: google/osv-scanner-action/osv-scanner-action@c8774f9a566b87da6d60dc699730b268382bcd4e # v1.8.5
+ uses: google/osv-scanner-action/osv-scanner-action@c80d3cb8d7bfabae9f047f6b8ea68792dd2ebcf6 # v1.9.0
 with:
 scan-args: |-
 --format=json
@@ -75,7 +75,7 @@ jobs:
 ${{ inputs.scan-args }}
 continue-on-error: true
 - name: "Run osv-scanner-reporter"
- uses: google/osv-scanner-action/osv-reporter-action@c8774f9a566b87da6d60dc699730b268382bcd4e # v1.8.5
+ uses: google/osv-scanner-action/osv-reporter-action@c80d3cb8d7bfabae9f047f6b8ea68792dd2ebcf6 # v1.9.0
 with:
 scan-args: |-
 --output=${{ inputs.results-file-name }}
diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml
index 950afa0..13b2438 100644
--- a/.github/workflows/osv-scanner-reusable.yml
+++ b/.github/workflows/osv-scanner-reusable.yml
@@ -64,7 +64,7 @@ jobs:
 name: "${{ inputs.download-artifact }}"
 path: "./"
 - name: "Run scanner"
- uses: google/osv-scanner-action/osv-scanner-action@c8774f9a566b87da6d60dc699730b268382bcd4e # v1.8.5
+ uses: google/osv-scanner-action/osv-scanner-action@c80d3cb8d7bfabae9f047f6b8ea68792dd2ebcf6 # v1.9.0
 with:
 scan-args: |-
 --output=results.json
@@ -72,7 +72,7 @@ jobs:
 ${{ inputs.scan-args }}
 continue-on-error: true
 - name: "Run osv-scanner-reporter"
- uses: google/osv-scanner-action/osv-reporter-action@c8774f9a566b87da6d60dc699730b268382bcd4e # v1.8.5
+ uses: google/osv-scanner-action/osv-reporter-action@c80d3cb8d7bfabae9f047f6b8ea68792dd2ebcf6 # v1.9.0
 with:
 scan-args: |-
 --output=${{ inputs.results-file-name }}
From 305dc322e6d18e10ee0ef4fddccec301be3aece2 Mon Sep 17 00:00:00 2001
From: Michael Kedar
Date: Wed, 2 Oct 2024 16:16:36 +1000
Subject: [PATCH 3/3] Update unified workflow example to point to v1.9.0 reusable workflows
---
 .github/workflows/osv-scanner-unified-workflow.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/osv-scanner-unified-workflow.yml b/.github/workflows/osv-scanner-unified-workflow.yml
index 8800421..d210511 100644
--- a/.github/workflows/osv-scanner-unified-workflow.yml
+++ b/.github/workflows/osv-scanner-unified-workflow.yml
@@ -35,7 +35,7 @@ permissions:
 jobs:
 scan-scheduled:
 if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
- uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@7c52d44abe9736f8a11bac47f6baadad7b3389f5" # v1.8.5
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1748759ebfcc44efbab41fc085665c64558eb9da" # v1.9.0
 with:
 # Example of specifying custom arguments
 scan-args: |-
@@ -44,7 +44,7 @@ jobs:
 ./
 scan-pr:
 if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
- uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@7c52d44abe9736f8a11bac47f6baadad7b3389f5" # v1.8.5
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1748759ebfcc44efbab41fc085665c64558eb9da" # v1.9.0
 with:
 # Example of specifying custom arguments
 scan-args: |-