bump gosec dependency version (#6)

launchdarkly · Aug 21, 2024 · 488e75d · 488e75d
1 parent 0236280
commit 488e75d
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 4 deletions.
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,14 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
+      - uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # pin@v3
+      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # [email protected]
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,13 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: no-commit-to-branch
+  - repo: https://github.com/lalten/check-gha-pinning
+    rev: v1.3.0
+    hooks:
+      - id: check-gha-pinning
+        files: ^(.github/workflows/.*\.ya?ml|action.ya?ml)$
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1 @@
+@launchdarkly/team-product-security
diff --git a/action.yml b/action.yml
@@ -26,13 +26,13 @@ runs:
       id: date-partition
       run: echo "DATE_PARTITION=$(date +'%Y/%m/%d')" >> $GITHUB_OUTPUT
     - name: Checkout Source
-      uses: actions/checkout@v3
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
     - name: Run Gosec Security Scanner
-      uses: securego/gosec@v2.18.0
+      uses: securego/gosec@6fbd381238e97e1d1f3358f0d6d65de78dcf9245 # pin@v2.20.0
       with:
         args: ${{ inputs.gosec-args }}
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v1-node16
+      uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # pin@v1-node16
       with:
         audience: https://github.com/launchdarkly
         role-to-assume: ${{ inputs.aws-assume-role }}
@@ -42,7 +42,7 @@ runs:
       run: |
         aws s3 cp ./gosec-results.json s3://${{ inputs.s3-bucket }}/${{ inputs.s3-path }}/${{ steps.date-partition.outputs.DATE_PARTITION }}/$GITHUB_REPOSITORY.json
     - name: Upload scan results artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3
       with:
         name: gosec-results
         path: gosec-results.json