upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-09 00:33:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
vault/.github/workflows/mend-pr-scan.yml
Vault Automation 3d420fec98
actions: bump actions to latest version (#12630) 
Bump our action version pins to the latest versions.

- actions/checkout v6.0.1 => v6.0.2
  Tag handling improvements

- actions/download-artifact v7.0.0 => v8.0.0
  Supports automatic detection of unzipping based on Content-Type
  Enforces digest checking
  Uses ES modules

- actions/setup-go v6.2.0 => v6.3.0
  Uses go.mod for default module caching (which we don't use)
  Fixes to download URL

- actions/upload-artifact v6.0.0 => v7.0.0
  Supports disabling automatic archiving
  Uses ES modules

- aws-actions/configure-aws-credentials v5.1.1 => v6.0.0
  Uses Node 24

- browser-actions/setup-chrome v2.1.0 => v2.1.1
  Bug fix for Node runtime version

- docker/build-push-action v6.18.0 => v6.19.2
  Internal dep updates and auth support for different Github servers.

- hashicorp/setup-terraform v3.1.2 => v4.0.0
  Uses Node 24

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-03-02 17:48:49 -05:00

42 lines
1.3 KiB
YAML
Raw Permalink Blame History

name: Mend PR Security Scan
on:
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.head_ref || github.run_id }}-mend-scan
cancel-in-progress: true
jobs:
mend-scan:
if: ${{ github.repository == 'hashicorp/vault-enterprise' }}
runs-on: [self-hosted, ubuntu-latest-x64]
permissions:
id-token: write
contents: read
pull-requests: write
steps:
- name: Checkout Code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run Mend Security Scan
uses: hashicorp/oss-core-library-dashboard-metrics/mend-security/actions/mend-pr-scan@main
with:
vault-url: ${{ vars.CI_VAULT_URL }}
vault-method: ${{ vars.CI_VAULT_METHOD }}
vault-path: ${{ vars.CI_VAULT_PATH }}
vault-jwt-github-audience: ${{ vars.CI_VAULT_AUD }}
generate-scan-report: "true"
npm-include-dev-dependencies: "true"
scan-timeout-minutes: "30"
psirt-id: "PSIRT_PRD0014264"
- name: Upload Scan Artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
if: always()
with:
name: mend-scan-results-pr-${{ github.event.number }}
path: whitesource/**
retention-days: 90
Reference in a new issue View git blame Copy permalink