Skip to content

ci(deps): bump firestoned/github-actions/security/license-check from 1.3.6 to 1.3.7 #253

ci(deps): bump firestoned/github-actions/security/license-check from 1.3.6 to 1.3.7

ci(deps): bump firestoned/github-actions/security/license-check from 1.3.6 to 1.3.7 #253

Status Failure
Total duration 13m 28s
Artifacts 7

build.yaml

on: pull_request
🔐 Verify Signed Commits
10s
🔐 Verify Signed Commits
⚖️ Verify SPDX License Headers
9s
⚖️ Verify SPDX License Headers
🧾 Validate VEX Statements
15s
🧾 Validate VEX Statements
🔏 Validate Auto-VEX Sign-off
2m 3s
🔏 Validate Auto-VEX Sign-off
🛡️ Security Vulnerability Scan
33s
🛡️ Security Vulnerability Scan
🏗️ IaC Security Scan (Trivy config)
34s
🏗️ IaC Security Scan (Trivy config)
🧪 cargo-deny (License + Advisory + Sources)
37s
🧪 cargo-deny (License + Advisory + Sources)
🏷️ Extract Version Information
16s
🏷️ Extract Version Information
🎨 Check Formatting
28s
🎨 Check Formatting
Matrix: build
📦 Package Deployment Manifests
📦 Package Deployment Manifests
Matrix: ✍️ Sign Binary Artifacts
🔬 Generate SLSA Provenance Subjects
🔬 Generate SLSA Provenance Subjects
Matrix: docker
🏛️ Generate SLSA Provenance  /  detect-env
🏛️ Generate SLSA Provenance / detect-env
Matrix: grype-triage
Matrix: attest
🏛️ Generate SLSA Provenance  /  generator
🏛️ Generate SLSA Provenance / generator
🤖 Auto-VEX (reachability)
🤖 Auto-VEX (reachability)
🤖 Auto-VEX (presence)
🤖 Auto-VEX (presence)
🏛️ Generate SLSA Provenance  /  upload-assets
🏛️ Generate SLSA Provenance / upload-assets
🧾 Assemble OpenVEX
🧾 Assemble OpenVEX
🏛️ Generate SLSA Provenance  /  final
🏛️ Generate SLSA Provenance / final
Matrix: grype
🚀 Upload Release Assets
🚀 Upload Release Assets
Fit to window
Zoom out
Zoom in

Annotations

1 error and 13 warnings
🛡️ Security Vulnerability Scan
Process completed with exit code 1.
🛡️ Security Vulnerability Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4, actions/upload-artifact@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🔏 Validate Auto-VEX Sign-off
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
📎 Clippy
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux ARM64
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux x86_64
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🧪 Test
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Distroless
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Chainguard
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Variables should be defined before their use: Dockerfile.chainguard#L40
UndefinedVar: Usage of undefined variable '$BASE_IMAGE' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
🔏 Attest Docker Image - Distroless
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Distroless
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record
🔏 Attest Docker Image - Chainguard
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Chainguard
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record

Artifacts

Produced during runtime
Name Size Digest
5spot-linux-amd64 Expired
13.1 MB
sha256:3a12bc8f95d0fd3588796e0d670700912113016a2374ff332b6cb3dccefd9f59
5spot-linux-arm64 Expired
12.6 MB
sha256:9caddb566ef61fb376cd1d3d13739c698c18fbc9dc7e20aeb98c32aea7a525e8
cargo-audit-report
1.04 KB
sha256:1afb16279f834f522da418b3eaa1fc207437feaef9e8f407fa39aed93247bd52
finos~5-spot~C96CHO.dockerbuild
77.5 KB
sha256:3fcde1bff4c4f12ce7cbbbd6e172c3309b6ea1f34dc155617df92339281a7be2
finos~5-spot~F5I89P.dockerbuild
94.9 KB
sha256:f77c7a754f9a6a78bb2b03d38b134af4918fa9498fe86a24b1299c826d37e0ac
grype-pull_request-Chainguard-253
385 Bytes
sha256:eb6f7edc88d69ffd163bec52d5d9d656f2e05af68f18f2098beb63536ed2c27e
grype-pull_request-Distroless-253
3.72 KB
sha256:0d71c45d0a8b201c970d4f2169f0929804e8e87285315de64ca07f7e4e671e2f