diff --git a/.github/workflows/example_artifacts-cicd.yaml b/.github/workflows/example_artifacts-cicd.yaml index ac21c5cf..d2a6aef4 100644 --- a/.github/workflows/example_artifacts-cicd.yaml +++ b/.github/workflows/example_artifacts-cicd.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -96,7 +96,7 @@ jobs: if: github.actor != 'dependabot[bot]' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - name: Install JFrog CLI @@ -143,7 +143,7 @@ jobs: needs: [extract-version, artifacts-cicd] steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - name: Install JFrog CLI diff --git a/.github/workflows/example_docker-test.yaml b/.github/workflows/example_docker-test.yaml index db8fcad7..85b432c8 100644 --- a/.github/workflows/example_docker-test.yaml +++ b/.github/workflows/example_docker-test.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/example_reusable-integration.yaml b/.github/workflows/example_reusable-integration.yaml index ddc49ac7..598985b2 100644 --- a/.github/workflows/example_reusable-integration.yaml +++ b/.github/workflows/example_reusable-integration.yaml @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -199,7 +199,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -277,7 +277,7 @@ jobs: if: github.actor != 'dependabot[bot]' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -333,7 +333,7 @@ jobs: needs: [extract-version, deploy-artifacts] steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/release-changelog.yaml b/.github/workflows/release-changelog.yaml index 19007ee0..0bc5d084 100644 --- a/.github/workflows/release-changelog.yaml +++ b/.github/workflows/release-changelog.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9fd85503..8f02fef5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_artifacts-cicd.yaml b/.github/workflows/reusable_artifacts-cicd.yaml index 737a0fe9..4f74bae0 100644 --- a/.github/workflows/reusable_artifacts-cicd.yaml +++ b/.github/workflows/reusable_artifacts-cicd.yaml @@ -190,7 +190,7 @@ jobs: setup-dotnet: ${{ steps.resolve.outputs.setup_dotnet }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -259,7 +259,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_create-release-bundle.yaml b/.github/workflows/reusable_create-release-bundle.yaml index 56a8d99c..8733d1f6 100644 --- a/.github/workflows/reusable_create-release-bundle.yaml +++ b/.github/workflows/reusable_create-release-bundle.yaml @@ -72,7 +72,7 @@ jobs: runs-on: ${{ inputs.runs-on }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_deploy-artifacts.yaml b/.github/workflows/reusable_deploy-artifacts.yaml index fb7982b9..fc629ac3 100644 --- a/.github/workflows/reusable_deploy-artifacts.yaml +++ b/.github/workflows/reusable_deploy-artifacts.yaml @@ -90,7 +90,7 @@ jobs: jf-build-id: ${{ steps.deploy.outputs.jf-build-id }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_docker-build-deploy.yaml b/.github/workflows/reusable_docker-build-deploy.yaml index 857a36d2..a5e0dbaf 100644 --- a/.github/workflows/reusable_docker-build-deploy.yaml +++ b/.github/workflows/reusable_docker-build-deploy.yaml @@ -128,7 +128,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_execute-build.yaml b/.github/workflows/reusable_execute-build.yaml index 6a486e49..da80b060 100644 --- a/.github/workflows/reusable_execute-build.yaml +++ b/.github/workflows/reusable_execute-build.yaml @@ -167,7 +167,7 @@ jobs: jf-build-name: ${{ steps.build-info.outputs.jf-build-name }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - name: Checkout shared-workflows repository diff --git a/.github/workflows/reusable_pr-hygiene-merge.yml b/.github/workflows/reusable_pr-hygiene-merge.yml index 02df034a..aa180b76 100644 --- a/.github/workflows/reusable_pr-hygiene-merge.yml +++ b/.github/workflows/reusable_pr-hygiene-merge.yml @@ -37,7 +37,7 @@ jobs: needs: hygiene-check steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_pr-hygiene.yml b/.github/workflows/reusable_pr-hygiene.yml index 132a35ad..1adc1391 100644 --- a/.github/workflows/reusable_pr-hygiene.yml +++ b/.github/workflows/reusable_pr-hygiene.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/reusable_sign-artifacts.yaml b/.github/workflows/reusable_sign-artifacts.yaml index 64d6907f..b410cbec 100644 --- a/.github/workflows/reusable_sign-artifacts.yaml +++ b/.github/workflows/reusable_sign-artifacts.yaml @@ -74,7 +74,7 @@ jobs: gh-artifact-name: ${{ steps.sign-outputs.outputs.gh-artifact-name }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_create-release-bundle-workflow.yaml b/.github/workflows/test_create-release-bundle-workflow.yaml index 18858431..afaea70d 100644 --- a/.github/workflows/test_create-release-bundle-workflow.yaml +++ b/.github/workflows/test_create-release-bundle-workflow.yaml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_deploy-artifacts-workflow.yaml b/.github/workflows/test_deploy-artifacts-workflow.yaml index 6e91f0b7..f5a6cf08 100644 --- a/.github/workflows/test_deploy-artifacts-workflow.yaml +++ b/.github/workflows/test_deploy-artifacts-workflow.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -49,7 +49,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_docker-build-deploy-workflow.yaml b/.github/workflows/test_docker-build-deploy-workflow.yaml index 07225607..dc63248e 100644 --- a/.github/workflows/test_docker-build-deploy-workflow.yaml +++ b/.github/workflows/test_docker-build-deploy-workflow.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_execute-build-workflow.yaml b/.github/workflows/test_execute-build-workflow.yaml index 6fca9447..96c154f8 100644 --- a/.github/workflows/test_execute-build-workflow.yaml +++ b/.github/workflows/test_execute-build-workflow.yaml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_sign-artifacts-workflow.yaml b/.github/workflows/test_sign-artifacts-workflow.yaml index 0fce47a6..efc9c853 100644 --- a/.github/workflows/test_sign-artifacts-workflow.yaml +++ b/.github/workflows/test_sign-artifacts-workflow.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -90,7 +90,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_sign-deb.yaml b/.github/workflows/test_sign-deb.yaml index bbd61533..77ec6af1 100644 --- a/.github/workflows/test_sign-deb.yaml +++ b/.github/workflows/test_sign-deb.yaml @@ -15,7 +15,7 @@ jobs: #- ubuntu-24.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_sign-file.yaml b/.github/workflows/test_sign-file.yaml index 73b2cd4f..526a795f 100644 --- a/.github/workflows/test_sign-file.yaml +++ b/.github/workflows/test_sign-file.yaml @@ -15,7 +15,7 @@ jobs: # - ubuntu-24.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/test_sign-rpm.yaml b/.github/workflows/test_sign-rpm.yaml index ed984673..ef0091a0 100644 --- a/.github/workflows/test_sign-rpm.yaml +++ b/.github/workflows/test_sign-rpm.yaml @@ -15,7 +15,7 @@ jobs: # - ubuntu-24.04 steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/trunk-ci.yaml b/.github/workflows/trunk-ci.yaml index e41c2e9e..8cfc0d64 100644 --- a/.github/workflows/trunk-ci.yaml +++ b/.github/workflows/trunk-ci.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit