chore(deps): update github/codeql-action action to v3

.github/workflows/anchore.yml

@@ -40,6 +40,6 @@ jobs:
  image: "localbuild/testimage:latest"
  acs-report-enable: true
  - name: Upload Anchore Scan Report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif

.github/workflows/apisec-scan.yml

@@ -64,6 +64,6 @@ jobs:
  # The name of the sarif format result file The file is written only if this property is provided.
  sarif-result-file: "apisec-results.sarif"
  - name: Import results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ./apisec-results.sarif

.github/workflows/brakeman.yml

@@ -52,6 +52,6 @@ jobs:
 
  # Upload the SARIF file generated in the previous step
  - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: output.sarif.json

.github/workflows/checkmarx.yml

@@ -49,6 +49,6 @@ jobs:
  params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
  # Upload the Report for CodeQL/Security Alerts
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: cx.sarif

.github/workflows/clj-holmes.yml

@@ -37,7 +37,7 @@ jobs:
  fail-on-result: 'false'
 
  - name: Upload analysis results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
  ait-for-processing: true

.github/workflows/clj-watson.yml

@@ -47,7 +47,7 @@ jobs:
  fail-on-result: false
 
  - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ${{github.workspace}}/clj-watson-results.sarif
  wait-for-processing: true

.github/workflows/codacy.yml

@@ -55,6 +55,6 @@ jobs:
 
  # Upload the SARIF file generated in the previous step
  - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif

.github/workflows/codeql.yml

@@ -42,7 +42,7 @@ jobs:
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
  with:
  languages: ${{ matrix.language }}
  # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
  # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  # If this step fails, then you should remove it and run the build manually (see below)
  - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 
  # ℹ️ Command-line programs to run using the OS shell.
  # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,4 +69,4 @@ jobs:
  # ./location_of_script_within_repo/buildscript.sh
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3

.github/workflows/codescan.yml

@@ -43,6 +43,6 @@ jobs:
  organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
  projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: codescan.sarif

.github/workflows/codescaner-analysis.yml

@@ -32,6 +32,6 @@ jobs:
  organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
  projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: codescan.sarif

.github/workflows/contrast-scan.yml

@@ -47,6 +47,6 @@ jobs:
  authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
  #Upload the results to GitHub 
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output

.github/workflows/detekt.yml

@@ -111,7 +111,7 @@ jobs:
  )" > ${{ github.workspace }}/detekt.sarif.json
 
  # Uploads results to GitHub repository using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
  with:
  # Path to SARIF file relative to the root of the repository
  sarif_file: ${{ github.workspace }}/detekt.sarif.json

.github/workflows/devskim.yml

@@ -32,6 +32,6 @@ jobs:
  uses: microsoft/DevSkim-Action@v1
 
  - name: Upload DevSkim scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: devskim-results.sarif

.github/workflows/eslint.yml

@@ -43,7 +43,7 @@ jobs:
  continue-on-error: true
 
  - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: eslint-results.sarif
  wait-for-processing: true

.github/workflows/fortify.yml

@@ -93,6 +93,6 @@ jobs:
 
  # Import Fortify on Demand results to GitHub Security Code Scanning
  - name: Import Results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ./gh-fortify-sast.sarif

.github/workflows/hadolint.yml

@@ -41,7 +41,7 @@ jobs:
  no-fail: true
 
  - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: hadolint-results.sarif
  wait-for-processing: true

.github/workflows/kubesec.yml

@@ -36,6 +36,6 @@ jobs:
  exit-code: "0"
 
  - name: Upload Kubesec scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: kubesec-results.sarif

.github/workflows/mayhem-for-api.yml

@@ -61,6 +61,6 @@ jobs:
  sarif-report: mapi.sarif
 
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: mapi.sarif

.github/workflows/mobsf.yml

@@ -37,6 +37,6 @@ jobs:
  args: . --sarif --output results.sarif || true
 
  - name: Upload mobsfscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif

.github/workflows/msvc.yml

@@ -53,7 +53,7 @@ jobs:
 
  # Upload SARIF file to GitHub Code Scanning Alerts
  - name: Upload SARIF to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ${{ steps.run-analysis.outputs.sarif }}
 

.github/workflows/njsscan.yml

@@ -36,6 +36,6 @@ jobs:
  with:
  args: '. --sarif --output results.sarif || true'
  - name: Upload njsscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif

.github/workflows/nowsecure.yml

@@ -47,7 +47,7 @@ jobs:
  group_id: {{ groupId }} # Update this to your desired Platform group ID
 
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: NowSecure.sarif
  - name: Upload coverage reports to Codecov

.github/workflows/ossar-analysis.yml

@@ -39,6 +39,6 @@ jobs:
 
  # Upload results to the Security tab
  - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ${{ steps.ossar.outputs.sarifFile }}

.github/workflows/ossar.yml

@@ -50,7 +50,7 @@ jobs:
 
  # Upload results to the Security tab
  - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ${{ steps.ossar.outputs.sarifFile }}
  - name: Upload coverage reports to Codecov

.github/workflows/phpmd.yml

@@ -50,7 +50,7 @@ jobs:
  continue-on-error: true
 
  - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: phpmd-results.sarif
  wait-for-processing: true

.github/workflows/pmd.yml

@@ -37,6 +37,6 @@ jobs:
  sourcePath: 'src/main/java'
  analyzeModifiedFilesOnly: false
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: pmd-report.sarif

.github/workflows/powershell.yml

@@ -44,7 +44,7 @@ jobs:
 
  # Upload the SARIF file generated in the previous step
  - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif
  - name: Upload coverage reports to Codecov

.github/workflows/rubocop.yml

@@ -47,6 +47,6 @@ jobs:
  "
 
  - name: Upload Sarif output
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: rubocop.sarif

.github/workflows/rust-clippy.yml

@@ -48,7 +48,7 @@ jobs:
  continue-on-error: true
 
  - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: rust-clippy-results.sarif
  wait-for-processing: true

.github/workflows/scorecards.yml

@@ -50,6 +50,6 @@ jobs:
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@4b3fd9198891cf782111537728021ffc6ae722ba # v1.1.37
+ uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
  with:
  sarif_file: results.sarif

.github/workflows/securitycodescan.yml

@@ -38,4 +38,4 @@ jobs:
  uses: security-code-scan/security-code-scan-results-action@579058214e4be88ce9eea302f1fb74df1b8bc1ed
 
  - name: Upload sarif
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3

.github/workflows/semgrep.yml

@@ -42,7 +42,7 @@ jobs:
 
  # Upload SARIF file generated in previous step
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: semgrep.sarif
  if: always()

.github/workflows/snyk-container.yml

@@ -49,6 +49,6 @@ jobs:
  image: your/image-to-test
  args: --file=Dockerfile
  - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: snyk.sarif

.github/workflows/snyk-infrastructure.yml

@@ -48,6 +48,6 @@ jobs:
  # or `main.tf` for a Terraform configuration file
  file: your-file-to-test.yaml
  - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: snyk.sarif

.github/workflows/sobelow.yml

@@ -35,6 +35,6 @@ jobs:
  - id: run-action
  uses: sobelow/action@85a7af55ecfe77cbecbae704398af72df079165e
  - name: Upload report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: results.sarif

.github/workflows/synopsys-io.yml

@@ -71,7 +71,7 @@ jobs:
 
  - name: Upload SARIF file
  if: ${{steps.prescription.outputs.sastScan == 'true' }}
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  # Path to SARIF file relative to the root of the repository
  sarif_file: workflowengine-results.sarif.json

.github/workflows/sysdig-scan.yml

@@ -54,7 +54,7 @@ jobs:
  # Sysdig inline scanner requires privileged rights
  run-as-user: root
 
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
  #Upload SARIF file
  if: always()
  with:

.github/workflows/tfsec.yml

@@ -32,7 +32,7 @@ jobs:
  sarif_file: tfsec.sarif 
 
  - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  # Path to SARIF file relative to the root of the repository
  sarif_file: tfsec.sarif 

.github/workflows/trivy.yml

@@ -42,6 +42,6 @@ jobs:
  severity: 'CRITICAL,HIGH'
 
  - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: 'trivy-results.sarif'

.github/workflows/veracode.yml

@@ -52,7 +52,7 @@ jobs:
  uses: veracode/veracode-pipeline-scan-results-to-sarif@5dabd37d2721870eecae05fee03d38453c2d32f8
  with:
  pipeline-results-json: results.json
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
  with:
  # Path to SARIF file relative to the root of the repository
  sarif_file: veracode-results.sarif

.github/workflows/xanitizer.yml

@@ -94,6 +94,6 @@ jobs:
  *-Findings-List.sarif
 
  # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- - uses: github/codeql-action/upload-sarif@v2
+ - uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: Xanitizer-Findings-List.sarif