diff --git a/security-actions/sca/action.yml b/security-actions/sca/action.yml index 9065107a..dce95dc8 100644 --- a/security-actions/sca/action.yml +++ b/security-actions/sca/action.yml @@ -127,7 +127,7 @@ runs: fail: true - name: Download Grype - uses: anchore/scan-action/download-grype@v4.1.2 + uses: anchore/scan-action/download-grype@v5.0.0 # Skip Cache Restoration: If skip_grype_db_cache is true, skip the restoration of the cache. # Check for any existing cache to reuse @@ -203,7 +203,7 @@ runs: # Don't fail during report generation - name: Vulnerability analysis of SBOM - uses: anchore/scan-action@v4.1.2 + uses: anchore/scan-action@v5.0.0 id: grype_analysis_sarif if: ${{ steps.sbom_report.outputs.files_exists == 'true' && steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} # Run only if DB is available on the runner }} with: @@ -216,7 +216,7 @@ runs: # Don't fail during report generation # JSON format will report any ignored rules - name: Vulnerability analysis of SBOM - uses: anchore/scan-action@v4.1.2 + uses: anchore/scan-action@v5.0.0 id: grype_analysis_json if: ${{ steps.sbom_report.outputs.files_exists == 'true' && steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} # Run only if DB is available on the runner}} with: @@ -268,7 +268,7 @@ runs: # Notify grype quick scan results in table format # Table format will supress any specified ignore rules - name: Inspect Vulnerability analysis of SBOM - uses: anchore/scan-action@v4.1.2 + uses: anchore/scan-action@v5.0.0 if: ${{ steps.sbom_report.outputs.files_exists == 'true' && steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} with: sbom: ${{ steps.meta.outputs.sbom_spdx_file }}