diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..b4b34ae2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+# Enable version updates for Actions
+ - package-ecosystem: github-actions
+ directory: /
+ # Check for updates once a month
+ schedule:
+ interval: monthly
+ # Allow up to 15 open pull requests for github-actions dependencies
+ open-pull-requests-limit: 15
+
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6ee0588f..face3741 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,7 +12,7 @@ jobs:
 platform: [numaker_pfm_m2351, m2351_badge, mps2_an505_qemu]
 runs-on: ubuntu-20.04
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 - name: Install extra tools
 run: |
diff --git a/.github/workflows/fossology.yml b/.github/workflows/fossology.yml
index 4a9d665f..6a08e4d3 100644
--- a/.github/workflows/fossology.yml
+++ b/.github/workflows/fossology.yml
@@ -12,7 +12,7 @@ jobs:
 image: fossology/fossology:scanner
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 - name: Fossology run
 run: |
@@ -22,12 +22,12 @@ jobs:
 continue-on-error: true
 - name: Upload artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
 with:
 name: scan-fossology-report
 path: ./results
 - name: Artifact download
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
 with:
 name: scan-fossology-report
\ No newline at end of file
diff --git a/.github/workflows/license-finder.yml b/.github/workflows/license-finder.yml
index 72dd9c5a..09dc48c2 100644
--- a/.github/workflows/license-finder.yml
+++ b/.github/workflows/license-finder.yml
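Review bot: `interval: monthly` in the new dependabot.yml leaves the workflows on a pinned commit for up to a month after an action publishes a fix, and this config is the only thing that moves the SHA pins introduced in the same commit. As far as I know, Dependabot alerts are raised only for actions referenced by semantic version, not by SHA, so the scheduled version update is the sole signal here; `interval: weekly` would narrow that window. The file also ends with a whitespace-only line and no final newline; end it with a single newline after `open-pull-requests-limit: 15`.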
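Review bot: The new `actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9` reference in build.yml carries no version comment, so a reader cannot tell which release the workflow runs, nor check that the SHA is a tagged release commit of the upstream repository. Append the tag as a trailing comment, `- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # <release tag>`, with the tag verified upstream; Dependabot keeps such a comment current when it bumps the SHA. The same applies to the checkout, upload-artifact and download-artifact pins in the fossology.yml, license-finder.yml and scancode.yml hunks.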
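Review bot: The job container on the context line `image: fossology/fossology:scanner` in fossology.yml is still a mutable tag, so the scan runs whatever image is current at pull time even though the actions in this job are now pinned to commits. Pinning it by digest, `image: fossology/fossology:scanner@sha256:<digest>` (placeholder; take the digest from the registry), gives the container the same immutability. license-finder.yml and scancode.yml have the same gap with `image: gianlucadb0/license_finder` and `image: gianlucadb0/scancode-toolkit`, which carry no tag at all. The job definition starts outside the hunk.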
@@ -12,7 +12,7 @@ jobs:
 image: gianlucadb0/license_finder
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 - name: License finder run
 run: |
@@ -20,12 +20,12 @@ jobs:
 license_finder > ./license-finder-report
 - name: Upload artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
 with:
 name: scan-license-finder-report
 path: ./license-finder-report
 - name: Artifact download
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
 with:
 name: scan-license-finder-report
diff --git a/.github/workflows/scancode.yml b/.github/workflows/scancode.yml
index cace04c7..1eacbd05 100644
--- a/.github/workflows/scancode.yml
+++ b/.github/workflows/scancode.yml
@@ -12,7 +12,7 @@ jobs:
 image: gianlucadb0/scancode-toolkit
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 - name: Create results directory
 run: mkdir results
@@ -21,12 +21,12 @@ jobs:
 run: scancode -clpeui -n 2 --cyclonedx ./results/sbom-cyclonedx --spdx-rdf ./results/sbom-spdx ./
 - name: Upload artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
 with:
 name: scan-scancode-report
 path: ./results/
 - name: Artifact download
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
 with:
 name: scan-scancode-report
\ No newline at end of file
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index f5ea10de..cf6c6737 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: "Checkout code"
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 with:
 persist-credentials: false
@@ -40,7 +40,7 @@ jobs:
 # Upload the results as artifacts (optional).
 - name: "Upload artifact"
- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
 with:
 name: SARIF file
 path: results.sarif
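Review bot: Both hunks of scorecards-analysis.yml replace pins that were labelled `# v2.4.0` and `# v2.3.1` with the SHAs that stand in for `@v3` in the other workflows, so this is presumably a major-version upgrade of checkout and upload-artifact rather than a re-pin, and the dropped comments hide that. Keep a trailing tag comment on the new lines, `uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # <release tag>` and likewise for upload-artifact. Confirm that the `SARIF file` upload step behaves the same under the newer upload-artifact before merging.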