flux2/.github/workflows/scan.yaml

name: scan

on:
  workflow_dispatch:
  push:
    branches: [ 'main', 'release/**' ]
  pull_request:
    branches: [ 'main', 'release/**' ]
  schedule:
    - cron: '18 10 * * 3'

permissions:
  contents: read

jobs:
  scan-fossa:
    runs-on: ubuntu-latest
    if: github.actor != 'dependabot[bot]'
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Run FOSSA scan and upload build data
        uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 # v3.0.0
        with:
          # FOSSA Push-Only API Token
          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
          github-token: ${{ github.token }}

  scan-snyk:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Setup Kustomize
        uses: fluxcd/pkg/actions/kustomize@main
      - name: Setup Go
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: 1.20.x
          cache-dependency-path: |
            **/go.sum
            **/go.mod
      - name: Download modules and build manifests
        run: |
          make tidy
          make cmd/flux/.manifests.done
      - uses: snyk/actions/setup@b98d498629f1c368650224d6d212bf7dfa89e4bf
      - name:  Run Snyk to check for vulnerabilities
        continue-on-error: true
        run: |
          snyk test --sarif-file-output=snyk.sarif
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
        with:
          sarif_file: snyk.sarif

  scan-codeql:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    if: github.actor != 'dependabot[bot]'
    steps:
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Setup Go
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: 1.20.x
          cache-dependency-path: |
            **/go.sum
            **/go.mod
      - name: Initialize CodeQL
        uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
        with:
          languages: go
          # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # xref: https://codeql.github.com/codeql-query-help/go/
          queries: security-and-quality
      - name: Autobuild
        uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
Update GitHub actions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 3 years ago			`name: scan`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago
			`on:`
ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`workflow_dispatch:`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`push:`
ci: enable workflows for `release/**` branches Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`branches: [ 'main', 'release/**' ]`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`pull_request:`
ci: enable workflows for `release/**` branches Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`branches: [ 'main', 'release/**' ]`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`schedule:`
			`- cron: '18 10 * * 3'`

Update GitHub actions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 3 years ago			`permissions:`
ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`contents: read`
Update GitHub actions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 3 years ago
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`jobs:`
ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`scan-fossa:`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`runs-on: ubuntu-latest`
Only run e2e tests for Dependabot PRs Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`if: github.actor != 'dependabot[bot]'`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`steps:`
build(deps): bump the ci group with 1 update Bumps the ci group with 1 update: [actions/checkout](https://github.com/actions/checkout). - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> 1 year ago			`- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`- name: Run FOSSA scan and upload build data`
build(deps): bump the ci group with 4 updates Bumps the ci group with 4 updates: [Azure/login](https://github.com/azure/login), [google-github-actions/auth](https://github.com/google-github-actions/auth), [anchore/sbom-action](https://github.com/anchore/sbom-action) and [fossa-contrib/fossa-action](https://github.com/fossa-contrib/fossa-action). Updates `Azure/login` from 1.4.7 to 1.5.1 - [Release notes](https://github.com/azure/login/releases) - [Commits](https://github.com/azure/login/compare/92a5484dfaf04ca78a94597f4f19fea633851fa2...de95379fe4dadc2defb305917eaa7e5dde727294) Updates `google-github-actions/auth` from 1.1.1 to 2.0.0 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/35b0e87d162680511bf346c299f71c9c5c379033...67e9c72af6e0492df856527b474995862b7b6591) Updates `anchore/sbom-action` from 0.14.3 to 0.15.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1...fd74a6fb98a204a1ad35bbfae0122c1a302ff88b) Updates `fossa-contrib/fossa-action` from 2.0.0 to 3.0.0 - [Release notes](https://github.com/fossa-contrib/fossa-action/releases) - [Changelog](https://github.com/fossa-contrib/fossa-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/fossa-contrib/fossa-action/compare/6728dc6fe9a068c648d080c33829ffbe56565023...cdc5065bcdee31a32e47d4585df72d66e8e941c2) --- updated-dependencies: - dependency-name: Azure/login dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: fossa-contrib/fossa-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> 1 year ago			`uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 # v3.0.0`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`with:`
			`# FOSSA Push-Only API Token`
			`fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de`
			`github-token: ${{ github.token }}`

ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`scan-snyk:`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`runs-on: ubuntu-latest`
ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`permissions:`
			`security-events: write`
Only run e2e tests for Dependabot PRs Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`if: (github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`steps:`
build(deps): bump the ci group with 1 update Bumps the ci group with 1 update: [actions/checkout](https://github.com/actions/checkout). - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> 1 year ago			`- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`
Embed the install manifests in flux binary - add make target for generating the install manifests using kustomize - embed the generated manifests in flux binary - the install and bootstrap commands default to using the embedded manifests - download the install manifests from GitHub only if the install/bootstrap version arg is set Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 4 years ago			`- name: Setup Kustomize`
build: update scan workflow To include a (full) version number behind the actions with a SHA reference, so Dependabot will continue to update them from now on. Except for the `snyk/actions`, which follows `main`. Signed-off-by: Hidde Beydals <hidde@hhh.computer> 2 years ago			`uses: fluxcd/pkg/actions/kustomize@main`
ci: Fix Snyk Go build VCS stamping error Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`- name: Setup Go`
build(deps): bump the ci group with 2 updates Bumps the ci group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go) and [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Updates `actions/setup-go` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/fac708d6674e30b6ba41289acaab6d4b75aa0753...93397bea11091df50f3d7e59dc26a7711a8bcfbe) Updates `slsa-framework/slsa-github-generator` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> 1 year ago			`uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0`
ci: Fix Snyk Go build VCS stamping error Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`with:`
Update Go to 1.20 Signed-off-by: Hidde Beydals <hidde@hhh.computer> 2 years ago			`go-version: 1.20.x`
build: update `actions/setup-go` in workflows - Update `actions/setup-go` to v4.0.0 in workflows. - Remove separate caching steps in favor of built-in caching feature in action (since >=v3.0.0). Signed-off-by: Hidde Beydals <hidde@hhh.computer> 2 years ago			`cache-dependency-path: \|`
			`**/go.sum`
			`**/go.mod`
ci: Fix Snyk Go build VCS stamping error Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`- name: Download modules and build manifests`
Embed the install manifests in flux binary - add make target for generating the install manifests using kustomize - embed the generated manifests in flux binary - the install and bootstrap commands default to using the embedded manifests - download the install manifests from GitHub only if the install/bootstrap version arg is set Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 4 years ago			`run: \|`
ci: Fix Snyk Go build VCS stamping error Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`make tidy`
Use a file to record successful manifests build Using the directory cmd/flux/manifests as a prerequisite causes a problem: if the script that creates the files within fails, the next invocation of make will see the directory and assume it succeeded. Since the executable expects certain files to be present, but they are not explicit prerequisites of the recipe for building the binary, this results in a successful build but a broken `flux` executable. Instead, depend on a file that's explicitly updated when the script has succeeded, and which itself depends on the inputs. A couple of the CI workflows run make cmd/flux/manifests before doing other things, presumably as a way to avoid running the whole test suite in a CI pipeline for some purpose other than testing, so these needed changing as well. Signed-off-by: Michael Bridgen <michael@weave.works> 3 years ago			`make cmd/flux/.manifests.done`
build(deps): bump snyk/actions Bumps [snyk/actions](https://github.com/snyk/actions) from 806182742461562b67788a64410098c9d9b96adb to b98d498629f1c368650224d6d212bf7dfa89e4bf. - [Release notes](https://github.com/snyk/actions/releases) - [Commits](https://github.com/snyk/actions/compare/806182742461562b67788a64410098c9d9b96adb...b98d498629f1c368650224d6d212bf7dfa89e4bf) --- updated-dependencies: - dependency-name: snyk/actions dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> 2 years ago			`- uses: snyk/actions/setup@b98d498629f1c368650224d6d212bf7dfa89e4bf`
ci: Fix Snyk Go build VCS stamping error Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`- name: Run Snyk to check for vulnerabilities`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`continue-on-error: true`
ci: Fix Snyk Go build VCS stamping error Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`run: \|`
			`snyk test --sarif-file-output=snyk.sarif`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`env:`
			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`
			`- name: Upload result to GitHub Code Scanning`
build(deps): bump github/codeql-action from 2.3.6 to 2.13.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2 years ago			`uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`with:`
			`sarif_file: snyk.sarif`

ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`scan-codeql:`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`runs-on: ubuntu-latest`
Additional workflow permissions tweaks Signed-off-by: Eddie Knight <knight@linux.com> 2 years ago			`permissions:`
ci: Refactor GitHub workflows Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`security-events: write`
Only run e2e tests for Dependabot PRs Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 2 years ago			`if: github.actor != 'dependabot[bot]'`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`steps:`
			`- name: Checkout repository`
build(deps): bump the ci group with 1 update Bumps the ci group with 1 update: [actions/checkout](https://github.com/actions/checkout). - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> 1 year ago			`uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`
build: update `actions/setup-go` in workflows - Update `actions/setup-go` to v4.0.0 in workflows. - Remove separate caching steps in favor of built-in caching feature in action (since >=v3.0.0). Signed-off-by: Hidde Beydals <hidde@hhh.computer> 2 years ago			`- name: Setup Go`
build(deps): bump the ci group with 2 updates Bumps the ci group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go) and [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Updates `actions/setup-go` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/fac708d6674e30b6ba41289acaab6d4b75aa0753...93397bea11091df50f3d7e59dc26a7711a8bcfbe) Updates `slsa-framework/slsa-github-generator` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com> 1 year ago			`uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0`
Setup CodeQL CI job with Go 1.18 Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com> 2 years ago			`with:`
Update Go to 1.20 Signed-off-by: Hidde Beydals <hidde@hhh.computer> 2 years ago			`go-version: 1.20.x`
build: update `actions/setup-go` in workflows - Update `actions/setup-go` to v4.0.0 in workflows. - Remove separate caching steps in favor of built-in caching feature in action (since >=v3.0.0). Signed-off-by: Hidde Beydals <hidde@hhh.computer> 2 years ago			`cache-dependency-path: \|`
			`**/go.sum`
			`**/go.mod`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`- name: Initialize CodeQL`
build(deps): bump github/codeql-action from 2.3.6 to 2.13.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2 years ago			`uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`with:`
			`languages: go`
ci: enable security-and-quality CodeQL query Signed-off-by: Hidde Beydals <hidde@hhh.computer> 1 year ago			`# xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs`
			`# xref: https://codeql.github.com/codeql-query-help/go/`
			`queries: security-and-quality`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`- name: Autobuild`
build(deps): bump github/codeql-action from 2.3.6 to 2.13.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2 years ago			`uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4`
Bundle CodeQL, FOSSA, Snyk as jobs in workflow Signed-off-by: Hidde Beydals <hello@hidde.co> 4 years ago			`- name: Perform CodeQL Analysis`
build(deps): bump github/codeql-action from 2.3.6 to 2.13.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2 years ago			`uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4`