Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update step-security/harden-runner action to v2.9.1 #703

Merged
merged 1 commit into from
Aug 23, 2024
Merged

chore(deps): update step-security/harden-runner action to v2.9.1 #703

merged 1 commit into from
Aug 23, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 18, 2024
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action minor v2.8.1 -> v2.9.1

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.9.1

Compare Source

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #​440
This release includes two changes:

  1. Updated markdown displayed in the job summary by the Harden-Runner Action.
  2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file github-actions labels Jul 18, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 18, 2024
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/step-security/harden-runner 5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde 🟢 8.8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/step-security/harden-runner 5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde 🟢 8.8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml
.github/workflows/package-audit.yml

@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 5 times, most recently from b8abafe to 8c00898 Compare July 25, 2024 13:04
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 3 times, most recently from 8a9f565 to eabafbe Compare July 29, 2024 09:23
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from eabafbe to 4d62834 Compare August 5, 2024 04:10
@renovate renovate bot changed the title chore(deps): update step-security/harden-runner action to v2.9.0 chore(deps): update step-security/harden-runner action to v2.9.1 Aug 5, 2024
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 4 times, most recently from cc7997f to 6dae7f1 Compare August 12, 2024 03:20
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 5 times, most recently from 8ca31e5 to 59dbc65 Compare August 19, 2024 22:05
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 59dbc65 to 1cc5bba Compare August 21, 2024 21:12
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@myrotvorets-team myrotvorets-team merged commit 3765bbe into master Aug 23, 2024
10 checks passed
@myrotvorets-team myrotvorets-team deleted the renovate/step-security-harden-runner-2.x branch August 23, 2024 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github-actions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@myrotvorets-team