From 0b7e60adbec9c7a621673403413162a64eaf9ef6 Mon Sep 17 00:00:00 2001
From: swyrwiak-cu
Date: Thu, 14 Mar 2024 21:13:51 +0100
Subject: [PATCH] feat(security): pin semgrep to version 1.65.0 [SEC-8536]
---
 .github/workflows/semgrep.yml | 2 +-
 src/semgrep-workflow.ts | 2 +-
 test/__snapshots__/semgrep-workflow.test.ts.snap | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index ab3a9d2e..e24618bd 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -12,7 +12,7 @@ jobs:
 name: Scan
 runs-on: ubuntu-latest
 container:
- image: returntocorp/semgrep@sha256:6c7ab81e4d1fd25a09f89f1bd52c984ce107c6ff33affef6ca3bc626a4cc479b
+ image: semgrep/semgrep@sha256:d08d065e4041a222e7b54ed2ad8faddfef978bcc210aa9d0b6da93d251082808
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
diff --git a/src/semgrep-workflow.ts b/src/semgrep-workflow.ts
index 2e3d3200..dacd54e8 100644
--- a/src/semgrep-workflow.ts
+++ b/src/semgrep-workflow.ts
@@ -19,7 +19,7 @@ export module semgrepWorkflow {
 'runs-on': 'ubuntu-latest',
 container: {
 // Reocurring task to check the pinned version SEC-8540
- image: 'returntocorp/semgrep@sha256:6c7ab81e4d1fd25a09f89f1bd52c984ce107c6ff33affef6ca3bc626a4cc479b',
+ image: 'semgrep/semgrep@sha256:d08d065e4041a222e7b54ed2ad8faddfef978bcc210aa9d0b6da93d251082808',
 },
 steps: [
 {
diff --git a/test/__snapshots__/semgrep-workflow.test.ts.snap b/test/__snapshots__/semgrep-workflow.test.ts.snap
index 5ebe7abc..62aac1b6 100644
--- a/test/__snapshots__/semgrep-workflow.test.ts.snap
+++ b/test/__snapshots__/semgrep-workflow.test.ts.snap
@@ -15,7 +15,7 @@ jobs:
 name: Scan
 runs-on: ubuntu-latest
 container:
- image: returntocorp/semgrep@sha256:6c7ab81e4d1fd25a09f89f1bd52c984ce107c6ff33affef6ca3bc626a4cc479b
+ image: semgrep/semgrep@sha256:d08d065e4041a222e7b54ed2ad8faddfef978bcc210aa9d0b6da93d251082808
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
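Review bot: The `uses: actions/checkout@v3` step in this hunk's context still resolves through a mutable tag, so the job is only partly pinned even though the container image is now fixed by digest. Pinning the action to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha> # v3`, would give the step the same immutability as the image. If this file is generated from src/semgrep-workflow.ts, as the identical digest there suggests, the change belongs in that module's `steps` array, which lies outside the visible hunks.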
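Review bot: The new `image:` value in src/semgrep-workflow.ts is an opaque digest, and nothing in the file records that it corresponds to the 1.65.0 release named in the commit subject; the only comment above it points at SEC-8540. A comment on the line before, such as `// semgrep/semgrep 1.65.0, pinned by digest (SEC-8536)`, would let the recurring check compare the pin against current releases without first resolving the hash. The image namespace also changes from `returntocorp` to `semgrep`, which the commit message does not mention, so the description should state that the digest was resolved from the publisher's official repository. The workflow YAML and both snapshot hunks carry the same digest, and the enclosing object starts and ends outside this hunk.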
@@ -41,7 +41,7 @@ jobs:
 name: Scan
 runs-on: ubuntu-latest
 container:
- image: returntocorp/semgrep@sha256:6c7ab81e4d1fd25a09f89f1bd52c984ce107c6ff33affef6ca3bc626a4cc479b
+ image: semgrep/semgrep@sha256:d08d065e4041a222e7b54ed2ad8faddfef978bcc210aa9d0b6da93d251082808
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3