Bump Azure.Identity from 1.13.2 to 1.17.1 #224

Workflow file for this run

.github/workflows/SAST-Kubesec.yml at 0930020

	# https://kubesec.io/
	# https://github.com/controlplaneio/kubesec
	# https://github.com/controlplaneio/kubesec-action

	name: SAST Kubesec Scanner

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: '18 8 * * 6'

	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status

	jobs:
	kubesec-scan-1:
	name: Kubesec Scan 1
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v5

	- name: Run kubesec scanner (critical-double.yaml)
	uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
	with:
	input: manifests/critical-double.yaml # specify configuration file to scan here
	format: template
	template: manifests/sarif.tpl
	output: kubesec-results.sarif
	exit-code: "0"

	- name: Validate SARIF file
	id: validate
	run: \|
	if [ -f kubesec-results.sarif ] && [ -s kubesec-results.sarif ]; then
	# Check if the SARIF has valid runs array with at least one result
	if jq -e '.runs \| length > 0' kubesec-results.sarif > /dev/null 2>&1; then
	echo "valid=true" >> $GITHUB_OUTPUT
	else
	echo "SARIF file has no runs, skipping upload"
	echo "valid=false" >> $GITHUB_OUTPUT
	fi
	else
	echo "SARIF file is empty or missing, skipping upload"
	echo "valid=false" >> $GITHUB_OUTPUT
	fi

	- name: Upload Kubesec scan results to GitHub Security tab
	if: steps.validate.outputs.valid == 'true'
	uses: github/codeql-action/upload-sarif@v4
	with:
	sarif_file: kubesec-results.sarif

	kubesec-scan-2:
	name: Kubesec Scan 2
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v5

	- name: Run kubesec scanner (score-5-pod-serviceaccount.yaml)
	uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
	with:
	input: manifests/score-5-pod-serviceaccount.yaml # specify configuration file to scan here
	format: template
	template: manifests/sarif.tpl
	output: kubesec-results.sarif
	exit-code: "0"

	- name: Validate SARIF file
	id: validate
	run: \|
	if [ -f kubesec-results.sarif ] && [ -s kubesec-results.sarif ]; then
	# Check if the SARIF has valid runs array with at least one result
	if jq -e '.runs \| length > 0' kubesec-results.sarif > /dev/null 2>&1; then
	echo "valid=true" >> $GITHUB_OUTPUT
	else
	echo "SARIF file has no runs, skipping upload"
	echo "valid=false" >> $GITHUB_OUTPUT
	fi
	else
	echo "SARIF file is empty or missing, skipping upload"
	echo "valid=false" >> $GITHUB_OUTPUT
	fi

	- name: Upload Kubesec scan results to GitHub Security tab
	if: steps.validate.outputs.valid == 'true'
	uses: github/codeql-action/upload-sarif@v4
	with:
	sarif_file: kubesec-results.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump Azure.Identity from 1.13.2 to 1.17.1 #224

Workflow file

Bump Azure.Identity from 1.13.2 to 1.17.1 #224

Uh oh!

Workflow file for this run