chore(deps): update github/codeql-action action to v4

renovate[bot] · web-flow · commit 9d87cece9447 · 2025-10-10T23:49:12.000Z
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
@@ -40,6 +40,6 @@ jobs:
         image: "localbuild/testimage:latest"
         acs-report-enable: true
     - name: Upload Anchore Scan Report
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml
@@ -64,6 +64,6 @@ jobs:
           # The name of the sarif format result file The file is written only if this property is provided.
           sarif-result-file: "apisec-results.sarif"
        - name: Import results
-         uses: github/codeql-action/upload-sarif@v2
+         uses: github/codeql-action/upload-sarif@v4
          with:
           sarif_file: ./apisec-results.sarif
diff --git a/.github/workflows/brakeman.yml b/.github/workflows/brakeman.yml
@@ -52,6 +52,6 @@ jobs:
 
     # Upload the SARIF file generated in the previous step
     - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: output.sarif.json
diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
@@ -49,6 +49,6 @@ jobs:
         params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
     # Upload the Report for CodeQL/Security Alerts
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: cx.sarif
diff --git a/.github/workflows/clj-holmes.yml b/.github/workflows/clj-holmes.yml
@@ -37,7 +37,7 @@ jobs:
           fail-on-result: 'false'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
           ait-for-processing: true
diff --git a/.github/workflows/clj-watson.yml b/.github/workflows/clj-watson.yml
@@ -47,7 +47,7 @@ jobs:
           fail-on-result: false
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: ${{github.workspace}}/clj-watson-results.sarif
           wait-for-processing: true
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
@@ -55,6 +55,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,7 +69,7 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v4
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@v3
       env:
diff --git a/.github/workflows/codescan.yml b/.github/workflows/codescan.yml
@@ -43,6 +43,6 @@ jobs:
                     organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
                     projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
             -   name: Upload SARIF file
-                uses: github/codeql-action/upload-sarif@v2
+                uses: github/codeql-action/upload-sarif@v4
                 with:
                     sarif_file: codescan.sarif
diff --git a/.github/workflows/codescaner-analysis.yml b/.github/workflows/codescaner-analysis.yml
@@ -32,6 +32,6 @@ jobs:
                     organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
                     projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
             -   name: Upload SARIF file
-                uses: github/codeql-action/upload-sarif@v2
+                uses: github/codeql-action/upload-sarif@v4
                 with:
                     sarif_file: codescan.sarif
diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml
@@ -111,7 +111,7 @@ jobs:
         )" > ${{ github.workspace }}/detekt.sarif.json
 
     # Uploads results to GitHub repository using the upload-sarif action
-    - uses: github/codeql-action/upload-sarif@v2
+    - uses: github/codeql-action/upload-sarif@v4
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: ${{ github.workspace }}/detekt.sarif.json
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
@@ -29,7 +29,7 @@ jobs:
         uses: microsoft/DevSkim-Action@v1
         
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: devskim-results.sarif
       - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
@@ -43,7 +43,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: eslint-results.sarif
           wait-for-processing: true
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
@@ -93,6 +93,6 @@ jobs:
 
       # Import Fortify on Demand results to GitHub Security Code Scanning
       - name: Import Results
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: ./gh-fortify-sast.sarif
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -41,7 +41,7 @@ jobs:
           no-fail: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: hadolint-results.sarif
           wait-for-processing: true
diff --git a/.github/workflows/kubesec.yml b/.github/workflows/kubesec.yml
@@ -36,6 +36,6 @@ jobs:
           exit-code: "0"
 
       - name: Upload Kubesec scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: kubesec-results.sarif
diff --git a/.github/workflows/mayhem-for-api.yml b/.github/workflows/mayhem-for-api.yml
@@ -61,6 +61,6 @@ jobs:
           sarif-report: mapi.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: mapi.sarif
diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml
@@ -37,7 +37,7 @@ jobs:
           args: . --sarif --output results.sarif || true
 
       - name: Upload mobsfscan report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif
       - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
@@ -36,7 +36,7 @@ jobs:
       with:
         args: '. --sarif --output results.sarif || true'
     - name: Upload njsscan report
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: results.sarif
     - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/nowsecure.yml b/.github/workflows/nowsecure.yml
@@ -47,6 +47,6 @@ jobs:
           group_id: {{ groupId }}                 # Update this to your desired Platform group ID
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: NowSecure.sarif
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
@@ -39,6 +39,6 @@ jobs:
 
       # Upload results to the Security tab
     - name: Upload OSSAR results
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml
@@ -50,7 +50,7 @@ jobs:
 
       # Upload results to the Security tab
     - name: Upload OSSAR results
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: ${{ steps.ossar.outputs.sarifFile }}
     - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/pmd.yml b/.github/workflows/pmd.yml
@@ -37,7 +37,7 @@ jobs:
           sourcePath: 'src/main/java'
           analyzeModifiedFilesOnly: false
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: pmd-report.sarif
       - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
@@ -43,7 +43,7 @@ jobs:
       
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif
       - name: Upload coverage reports to Codecov
diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml
@@ -47,6 +47,6 @@ jobs:
         "
 
     - name: Upload Sarif output
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: rubocop.sarif
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
@@ -48,7 +48,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: rust-clippy-results.sarif
           wait-for-processing: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@004c5de30b6423267685b897a3d595e944f7fed5 # v2.20.2
+        uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/securitycodescan.yml b/.github/workflows/securitycodescan.yml
@@ -38,4 +38,4 @@ jobs:
         uses: security-code-scan/security-code-scan-results-action@579058214e4be88ce9eea302f1fb74df1b8bc1ed
 
       - name: Upload sarif
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -42,7 +42,7 @@ jobs:
 
       # Upload SARIF file generated in previous step
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: semgrep.sarif
         if: always()
diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
@@ -49,6 +49,6 @@ jobs:
         image: your/image-to-test
         args: --file=Dockerfile
     - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: snyk.sarif
diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml
@@ -48,6 +48,6 @@ jobs:
           # or `main.tf` for a Terraform configuration file
           file: your-file-to-test.yaml
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif
diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml
@@ -35,6 +35,6 @@ jobs:
       - id: run-action
         uses: sobelow/action@85a7af55ecfe77cbecbae704398af72df079165e
       - name: Upload report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/synopsys-io.yml b/.github/workflows/synopsys-io.yml
@@ -71,7 +71,7 @@ jobs:
     
     - name: Upload SARIF file
       if: ${{steps.prescription.outputs.sastScan == 'true' }}
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: workflowengine-results.sarif.json
diff --git a/.github/workflows/sysdig-scan.yml b/.github/workflows/sysdig-scan.yml
@@ -54,7 +54,7 @@ jobs:
         # Sysdig inline scanner requires privileged rights
         run-as-user: root
 
-    - uses: github/codeql-action/upload-sarif@v2
+    - uses: github/codeql-action/upload-sarif@v4
       #Upload SARIF file
       if: always()
       with:
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -32,7 +32,7 @@ jobs:
           sarif_file: tfsec.sarif         
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: tfsec.sarif  
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -42,6 +42,6 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml
@@ -52,7 +52,7 @@ jobs:
       uses: veracode/veracode-pipeline-scan-results-to-sarif@99c541b171135ee0e29d3e5b938f74d88b0c5787
       with:
         pipeline-results-json: results.json
-    - uses: github/codeql-action/upload-sarif@v2
+    - uses: github/codeql-action/upload-sarif@v4
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: veracode-results.sarif
diff --git a/.github/workflows/xanitizer.yml b/.github/workflows/xanitizer.yml
@@ -94,6 +94,6 @@ jobs:
             *-Findings-List.sarif
 
       # Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
-      - uses: github/codeql-action/upload-sarif@v2
+      - uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: Xanitizer-Findings-List.sarif
