Bump step-security/harden-runner from 2.2.1 to 2.9.1 #173
Triggered via pull request
August 6, 2024 20:56
dependabot[bot]
Status
Failure
Total duration
6h 14m 16s
Artifacts
1
analysis.yml
on: pull_request
Scorecards
/
Security Scorecards
5m 48s
Sonatype Nancy
/
Sonatype Nancy
5m 25s
Dependency Review
/
Scan dependencies for license compliance
6h 4m
Trivy
/
Filesystem
6h 4m
Trivy
/
Container
0s
FOSSA
/
Find license compliance and security issues
Semgrep Scan
/
semgrep
Matrix: CodeQL
Annotations
4 errors and 6 warnings
|
Scorecards / Security Scorecards
StepSecurity Harden Runner: Reverting agent since allowed endpoint *.blob.core.windows.net could not be resolved
|
|
Dependency Review / Scan dependencies for license compliance
The job running on runner GitHub Actions 18 has exceeded the maximum execution time of 360 minutes.
|
|
Trivy / Filesystem
The job running on runner GitHub Actions 10 has exceeded the maximum execution time of 360 minutes.
|
|
CodeQL (go) / CodeQL Analysis
The job running on runner GitHub Actions 14 has exceeded the maximum execution time of 360 minutes.
|
|
Sonatype Nancy / Sonatype Nancy
The following actions uses Node.js version which is deprecated and will be forced to run on node20: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
|
Scorecards / Security Scorecards
The following actions uses Node.js version which is deprecated and will be forced to run on node20: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab, actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce, github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
|
Dependency Review / Scan dependencies for license compliance
Runner GitHub Actions 18 did not respond to a cancelation request with 00:05:00.
|
|
Trivy / Filesystem
Runner GitHub Actions 10 did not respond to a cancelation request with 00:05:00.
|
|
CodeQL (go) / CodeQL Analysis
Runner GitHub Actions 14 did not respond to a cancelation request with 00:05:00.
|
|
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "SARIF file".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
|
Artifacts
Produced during runtime
| Name | Size | |
|---|---|---|
|
SARIF file
Expired
|
24.2 KB |
|