Skip to content

ci(deps): bump firestoned/github-actions/rust/security-scan from 1.3.6 to 1.3.7 #254

ci(deps): bump firestoned/github-actions/rust/security-scan from 1.3.6 to 1.3.7

ci(deps): bump firestoned/github-actions/rust/security-scan from 1.3.6 to 1.3.7 #254

Status Failure
Total duration 13m 23s
Artifacts 7

build.yaml

on: pull_request
🔐 Verify Signed Commits
16s
🔐 Verify Signed Commits
⚖️ Verify SPDX License Headers
6s
⚖️ Verify SPDX License Headers
🧾 Validate VEX Statements
22s
🧾 Validate VEX Statements
🔏 Validate Auto-VEX Sign-off
2m 26s
🔏 Validate Auto-VEX Sign-off
🛡️ Security Vulnerability Scan
28s
🛡️ Security Vulnerability Scan
🏗️ IaC Security Scan (Trivy config)
39s
🏗️ IaC Security Scan (Trivy config)
🧪 cargo-deny (License + Advisory + Sources)
23s
🧪 cargo-deny (License + Advisory + Sources)
🏷️ Extract Version Information
19s
🏷️ Extract Version Information
🎨 Check Formatting
28s
🎨 Check Formatting
Matrix: build
📦 Package Deployment Manifests
📦 Package Deployment Manifests
Matrix: ✍️ Sign Binary Artifacts
🔬 Generate SLSA Provenance Subjects
🔬 Generate SLSA Provenance Subjects
Matrix: docker
🏛️ Generate SLSA Provenance  /  detect-env
🏛️ Generate SLSA Provenance / detect-env
Matrix: grype-triage
Matrix: attest
🏛️ Generate SLSA Provenance  /  generator
🏛️ Generate SLSA Provenance / generator
🤖 Auto-VEX (reachability)
🤖 Auto-VEX (reachability)
🤖 Auto-VEX (presence)
0s
🤖 Auto-VEX (presence)
🏛️ Generate SLSA Provenance  /  upload-assets
🏛️ Generate SLSA Provenance / upload-assets
🧾 Assemble OpenVEX
🧾 Assemble OpenVEX
🏛️ Generate SLSA Provenance  /  final
🏛️ Generate SLSA Provenance / final
Matrix: grype
🚀 Upload Release Assets
0s
🚀 Upload Release Assets
Fit to window
Zoom out
Zoom in

Annotations

1 error and 12 warnings
🛡️ Security Vulnerability Scan
Process completed with exit code 1.
📎 Clippy
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🔏 Validate Auto-VEX Sign-off
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux ARM64
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux x86_64
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🧪 Test
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Chainguard
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Variables should be defined before their use: Dockerfile.chainguard#L40
UndefinedVar: Usage of undefined variable '$BASE_IMAGE' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
🐳 Build and Push Docker Image - Distroless
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🔏 Attest Docker Image - Chainguard
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Chainguard
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record
🔏 Attest Docker Image - Distroless
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Distroless
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record

Artifacts

Produced during runtime
Name Size Digest
5spot-linux-amd64 Expired
13.1 MB
sha256:c3a70a7557b641946e0b25557a1b73785e7c49f228bdeec0ce07737e83ba31e1
5spot-linux-arm64 Expired
12.6 MB
sha256:1b684c73242b6cf9be61065dae613987a2bbad2674860440a945d65705497456
cargo-audit-report
1.04 KB
sha256:7c780001e8ffb0ecf9a2bec9c0fae56a8bbeb3b4fc266a6d4ada593413c4a22d
finos~5-spot~PCJWYH.dockerbuild
98.4 KB
sha256:5274bfdc8bda902af4ddfb211945cf745f50634b32198450362625fd8a2538b6
finos~5-spot~TH38X9.dockerbuild
77.7 KB
sha256:f0485ea9d041e77aa823b8ea35ab836d65df0cf92a712fec24a68a4e04fb37f3
grype-pull_request-Chainguard-254
385 Bytes
sha256:ef4588299354a0593aa6ef5300323361737fba9289f4f535772d0d44a386265e
grype-pull_request-Distroless-254
3.72 KB
sha256:0e89082af89582089cf532fc980c04a08df5d802b3582ea700232c6c8d0628bc