build(deps): Bump orhun/git-cliff-action from 4.6.0 to 4.7.0 #1291

Workflow file for this run

.github/workflows/osv-scanner.yml at c87c0d4

	---
	# This workflow uses actions that are not certified by GitHub. They are provided
	# by a third-party and are governed by separate terms of service, privacy
	# policy, and support documentation.

	name: OSV Scanner
	on:
	workflow_dispatch:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	# Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
	actions: read
	# Require writing security events to upload SARIF file to security tab
	security-events: write
	# Only need to read contents
	contents: read

	jobs:
	osv_scanner_job:
	runs-on: ubuntu-latest
	name: Scan for vulns
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
	with:
	disable-sudo: false
	egress-policy: block
	allowed-endpoints: >
	api.cloudflare.com:443
	api.deps.dev:443
	api.github.com:443
	api.gumroad.com:443
	api.osv.dev:443
	api.scorecard.dev:443
	api.securityscorecards.dev:443
	checkpoint-api.hashicorp.com:443
	fulcio.sigstore.dev:443
	get.opentofu.org:443
	ghcr.io:443
	github.com:443
	gitlab.com:443
	golang.org:443
	goreleaser.com:443
	objects.githubusercontent.com:443
	oss-fuzz-build-logs.storage.googleapis.com:443
	osv-vulnerabilities.storage.googleapis.com:443
	pkg-containers.githubusercontent.com:443
	proxy.golang.org:443
	registry.npmjs.org:443
	rekor.sigstore.dev:443
	releases.hashicorp.com:443
	release-assets.githubusercontent.com:443
	storage.googleapis.com:443
	sum.golang.org:443
	tuf-repo-cdn.sigstore.dev:443
	uploads.github.com:443
	vuln.go.dev:443
	www.bestpractices.dev:443

	- name: Checkout Source
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: "Run scanner on existing code"
	uses: google/osv-scanner-action/osv-scanner-action@375a0e8ebdc98e99b02ac4338a724f5750f21213 # v2.2.1
	continue-on-error: true
	with:
	scan-args: \|-
	--format=json
	--output=results.json
	--recursive .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump orhun/git-cliff-action from 4.6.0 to 4.7.0 #1291

Workflow file

build(deps): Bump orhun/git-cliff-action from 4.6.0 to 4.7.0 #1291

Uh oh!

Workflow file for this run