From e8f3c5c3e6eeec9dc27187f5167afcf87eb69da9 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Fri, 24 Nov 2023 12:23:51 -0800
Subject: [PATCH 1/2] [StepSecurity] Apply security best practices (#1)
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot
* Update dependabot.yml
Signed-off-by: Joyce
* Update labeler.yml
Signed-off-by: Joyce
---------
Signed-off-by: StepSecurity Bot
Signed-off-by: Joyce
Co-authored-by: Joyce
---
 .github/dependabot.yml | 18 ++++++++++++++++++
 .github/workflows/codeql-analysis.yml | 8 ++++----
 .github/workflows/labeler.yml | 2 +-
 3 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..ea7871d39
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/.github/workflows/codeql-analysis.yml"
+ schedule:
+ interval: "monthly"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ - package-ecosystem: "github-actions"
+ directory: "/.github/workflows/labeler.yml"
+ schedule:
+ interval: "monthly"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 93923a182..a4362e198 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -27,18 +27,18 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
 with:
 languages: c-cpp
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 11925e1af..d3915f1cb 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -15,6 +15,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: srvaroa/labeler@master
+ - uses: srvaroa/labeler@74404350883f8b689b026d8747622bd12d3f070a # v1.8.0
 env:
 GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
From 2890205f43bfa0ddf3245de81f5885e7e3179761 Mon Sep 17 00:00:00 2001
From: Joyce
Date: Fri, 24 Nov 2023 17:49:36 -0300
Subject: [PATCH 2/2] Update dependabot.yml
Signed-off-by: Joyce
---
 .github/dependabot.yml | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ea7871d39..2390d8c80 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
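Review bot: Neither the codeql-analysis.yml hunk nor the labeler.yml hunk shows a job-level `permissions:` block, and both job headers sit above the hunks (the hunks start at lines 27 and 15), so the token scope may already be declared there; if it is not, the pinned actions still run with whatever the repository's default `GITHUB_TOKEN` permissions are, which undoes part of the hardening these pins are meant to provide. The CodeQL job needs only `permissions:` with `actions: read`, `contents: read` and `security-events: write`; the labeler job, which hands `secrets.GITHUB_TOKEN` to the action through `env`, typically needs `contents: read` and `pull-requests: write`. Keep the trailing `# v3.6.0` / `# v2.22.8` / `# v1.8.0` comments beside each SHA exactly in that form — Dependabot rewrites them when it bumps the hash, and a pin without a matching version comment is hard to audit later.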
@@ -1,15 +1,7 @@
 version: 2
 updates:
 - package-ecosystem: "github-actions"
- directory: "/.github/workflows/codeql-analysis.yml"
- schedule:
- interval: "monthly"
- groups:
- github-actions:
- patterns:
- - "*"
- - package-ecosystem: "github-actions"
- directory: "/.github/workflows/labeler.yml"
+ directory: "/"
 schedule:
 interval: "monthly"
 groups: