diff --git a/.github/workflows/cid-ossf.yml b/.github/workflows/cid-ossf.yml index 067c544..fc5bd32 100644 --- a/.github/workflows/cid-ossf.yml +++ b/.github/workflows/cid-ossf.yml @@ -1,4 +1,4 @@ -# cid-workflow-version: 0.0.21 +# cid-workflow-version: 0.0.23 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! @@ -55,19 +55,21 @@ jobs: storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443 + api.securityscorecards.dev:443 + api.scorecard.dev:443 + api.deps.dev:443 api.osv.dev:443 www.bestpractices.dev:443 oss-fuzz-build-logs.storage.googleapis.com:443 rekor.sigstore.dev:443 fulcio.sigstore.dev:443 tuf-repo-cdn.sigstore.dev:443 - api.securityscorecards.dev:443 - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - name: OSSF Analysis - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif diff --git a/.github/workflows/cid-pullrequest.yml b/.github/workflows/cid-pullrequest.yml index 7db4147..6c7f46b 100644 --- a/.github/workflows/cid-pullrequest.yml +++ b/.github/workflows/cid-pullrequest.yml @@ -1,4 +1,4 @@ -# cid-workflow-version: 0.0.21 +# cid-workflow-version: 0.0.23 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! diff --git a/.github/workflows/cid.yml b/.github/workflows/cid.yml index 87c18ef..ac4e651 100644 --- a/.github/workflows/cid.yml +++ b/.github/workflows/cid.yml @@ -1,4 +1,4 @@ -# cid-workflow-version: 0.0.21 +# cid-workflow-version: 0.0.23 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT!