Merge pull request #326 from Nordix/lentzi90/bump-osv-scanner

metal3-io-bot · web-flow · commit c0fab84ac212 · 2025-08-12T15:32:32.000+03:00
🌱 Bump OSV scanner action to fix SARIF upload issue
diff --git a/.github/workflows/osv-scanner-scan.yml b/.github/workflows/osv-scanner-scan.yml
@@ -6,6 +6,9 @@ on:
   workflow_dispatch:
   schedule:
   - cron: "36 6 * * *"
+  pull_request:
+    paths:
+    - '.github/workflows/osv-scanner-scan.yml'
 
 permissions: {}
 
@@ -28,7 +31,7 @@ jobs:
         go-version: ${{ steps.vars.outputs.go_version }}
     # NOTE: this "go install" is not updated by Dependabot
     - name: Install OSV Scanner
-      run: go install github.com/google/osv-scanner/v2/cmd/osv-scanner@9267fda97136812f3217852fd380104487cf4a00 # v2.1.0
+      run: go install github.com/google/osv-scanner/v2/cmd/osv-scanner@a14aa98ab8408547083d4411091c5fbaf5b47d8e # v2.2.0
     - name: Run OSV Scanner
       id: osv-scan
       run: |
@@ -39,7 +42,7 @@ jobs:
         echo "has_vulnerabilities=$(jq '.results | length > 0' results.json)" >> "${GITHUB_OUTPUT}"
       continue-on-error: true
     - name: "Run OSV Scanner Reporter"
-      uses: google/osv-scanner/actions/reporter@9267fda97136812f3217852fd380104487cf4a00 # v2.1.0
+      uses: google/osv-scanner/actions/reporter@a14aa98ab8408547083d4411091c5fbaf5b47d8e # v2.2.0
       with:
         scan-args: |-
           --output=results.sarif
diff --git a/hack/verify-release.sh b/hack/verify-release.sh
@@ -139,11 +139,11 @@ if [[ -n "${CONTAINER_RUNTIME}" ]]; then
         "${CONTAINER_RUNTIME}" run --rm
         -v "${PWD}":"/src:ro,z"
         -w /src
-        ghcr.io/google/osv-scanner:v2.1.0@sha256:9a1ba57d2a1506c9e9d0dfbeaf46346507e829745b70d47d77e12c38e66de8d7
+        ghcr.io/google/osv-scanner:v2.2.0@sha256:edad0349f4e50fad17d1803af2fda9a0f0d9f32ccb927b0901c93bc2dc03b53a
     )
 else
     # go install github.com/google/go-containerregistry/cmd/gcrane@latest
-    # go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.1.0
+    # go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.2.0
     required_tools+=(
         gcrane
         osv-scanner
@@ -205,7 +205,7 @@ check_tools()
         case "${tool}" in
             osv-scanner)
                 version=$("${OSVSCANNER_CMD[@]}" -v | grep version | cut -f3 -d" ")
-                min_version="2.1.0"
+                min_version="2.2.0"
                 ;;
             *)
                 # dummy values here for other tools
