From f9e05434b3ddc4919c774c3f7e2ce4258ed789b4 Mon Sep 17 00:00:00 2001 From: Roman Babenko Date: Sun, 16 Feb 2025 12:01:40 +0200 Subject: [PATCH 1/3] Markup and hook demo --- .ci/benchmark.txt | 14 +++++++------- .pre-commit-config.yaml | 5 +++++ meta/69d49010.csv | 1 + 3 files changed, 13 insertions(+), 7 deletions(-) create mode 100644 .pre-commit-config.yaml diff --git a/.ci/benchmark.txt b/.ci/benchmark.txt index 077544f1e..d7d7b2a5e 100644 --- a/.ci/benchmark.txt +++ b/.ci/benchmark.txt @@ -1,6 +1,6 @@ -META MD5 0631d3c69c1ece61c31ad976cc91e2f4 -DATA MD5 36faeaaa7c34d72fdb9d65b8854dd17a -DATA: 16334259 interested lines. MARKUP: 59619 items +META MD5 45613c85a524c080cb3f5495ae968267 +DATA MD5 e9fc1ebf64881ff17b33173c659d26f4 +DATA: 16334259 interested lines. MARKUP: 59620 items FileType FileNumber ValidLines Positives Negatives Templates --------------- ------------ ------------ ----------- ----------- ----------- 194 28342 71 415 90 @@ -153,7 +153,7 @@ FileType FileNumber ValidLines Positives Negatives Templat .pug 2 193 2 .purs 1 69 4 .pxd 1 150 4 2 -.py 886 290215 675 3235 720 +.py 886 290215 676 3235 720 .pyi 4 1361 9 .pyp 1 167 1 .pyx 2 1094 23 @@ -222,7 +222,7 @@ FileType FileNumber ValidLines Positives Negatives Templat .yml 420 36296 546 910 374 .zsh 6 872 12 .zsh-theme 1 97 1 -TOTAL: 10026 16334259 11993 46618 5024 +TOTAL: 10026 16334259 11994 46618 5024 credsweeper result_cnt : 0, lost_cnt : 0, true_cnt : 0, false_cnt : 0 Rules Positives Negatives Templates Reported TP FP TN FN FPR FNR ACC PRC RCL F1 ------------------------------ ----------- ----------- ----------- ---------- ---- ---- ----- ----- -------- -------- -------- ----- -------- ---- @@ -231,7 +231,7 @@ AWS Client ID 170 19 0 AWS Multi 82 10 0 0 0 10 82 0.000000 1.000000 0.108696 0.000000 AWS S3 Bucket 67 23 0 0 0 23 67 0.000000 1.000000 0.255556 0.000000 Atlassian Old PAT token 3 7 0 0 0 7 3 0.000000 1.000000 0.700000 0.000000 -Auth 416 2744 81 0 0 2825 416 0.000000 1.000000 0.871645 0.000000 +Auth 417 2744 81 0 0 2825 417 0.000000 1.000000 0.871376 0.000000 Azure Access Token 19 0 0 0 0 0 19 1.000000 0.000000 0.000000 BASE64 Private Key 12 4 0 0 0 4 12 0.000000 1.000000 0.250000 0.000000 BASE64 encoded PEM Private Key 7 0 0 0 0 0 7 1.000000 0.000000 0.000000 @@ -274,4 +274,4 @@ Token 645 4170 453 Twilio Credentials 30 39 0 0 0 39 30 0.000000 1.000000 0.565217 0.000000 URL Credentials 217 156 209 0 0 365 217 0.000000 1.000000 0.627148 0.000000 UUID 1075 265 0 0 0 265 1075 0.000000 1.000000 0.197761 0.000000 - 11993 46618 5024 0 0 0 46618 11993 0.000000 1.000000 0.795380 0.000000 + 11994 46618 5024 0 0 0 46618 11994 0.000000 1.000000 0.795366 0.000000 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 000000000..061ea893f --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: +- repo: https://github.com/Samsung/CredSweeper + rev: v1.10.6 + hooks: + - id: CredSweeper diff --git a/meta/69d49010.csv b/meta/69d49010.csv index 9c8e9eabe..a6e9ef69e 100644 --- a/meta/69d49010.csv +++ b/meta/69d49010.csv @@ -168,3 +168,4 @@ Id,FileID,Domain,RepoName,FilePath,LineStart,LineEnd,GroundTruth,WithWords,Value 1479354,5aad918a,GitHub,69d49010,data/69d49010/test/5aad918a.py,329,329,T,F,35,48,F,F,,,,,0.0,0,F,F,F,Auth 1479356,5aad918a,GitHub,69d49010,data/69d49010/test/5aad918a.py,356,356,T,F,35,48,F,F,,,,,0.0,0,F,F,F,Auth 1479361,5aad918a,GitHub,69d49010,data/69d49010/test/5aad918a.py,433,433,F,F,,,F,F,,,,,0.0,0,F,F,F,Auth +1480765,5aad918a,GitHub,69d49010,data/69d49010/test/5aad918a.py,240,240,T,F,35,48,F,F,,,,,0.0,0,F,F,F,Auth From cfa376a0b0c3c7c344cc0ce5d1d28735e5cadd3a Mon Sep 17 00:00:00 2001 From: Roman Babenko Date: Tue, 18 Feb 2025 17:34:50 +0200 Subject: [PATCH 2/3] additional markup --- .ci/benchmark.txt | 22 +++++++++++----------- meta/0fc802c8.csv | 2 +- meta/28728ab4.csv | 4 ++-- meta/49b08818.csv | 2 +- meta/a09d9e50.csv | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.ci/benchmark.txt b/.ci/benchmark.txt index d7d7b2a5e..53f351312 100644 --- a/.ci/benchmark.txt +++ b/.ci/benchmark.txt @@ -1,9 +1,9 @@ -META MD5 45613c85a524c080cb3f5495ae968267 -DATA MD5 e9fc1ebf64881ff17b33173c659d26f4 +META MD5 ca7df6f221973c63ef270098b293ccbf +DATA MD5 83bfc3d7c7da81ae313827f3bda09197 DATA: 16334259 interested lines. MARKUP: 59620 items FileType FileNumber ValidLines Positives Negatives Templates --------------- ------------ ------------ ----------- ----------- ----------- - 194 28342 71 415 90 + 194 28342 72 415 89 .1 2 641 2 5 .admx 1 26 1 .adoc 1 158 13 5 1 @@ -63,7 +63,7 @@ FileType FileNumber ValidLines Positives Negatives Templat .gd 1 37 1 .gml 3 3075 16 .gni 3 5017 19 -.go 1081 568661 640 4109 744 +.go 1081 568661 640 4111 744 .golden 5 1168 1 13 29 .gradle 45 3265 2 90 100 .graphql 7 420 13 @@ -113,7 +113,7 @@ FileType FileNumber ValidLines Positives Negatives Templat .markdown 3 139 3 1 .markerb 3 12 3 .marko 1 21 2 -.md 674 148660 758 2334 595 +.md 674 148660 759 2334 594 .mdx 3 549 7 .mjml 1 18 1 .mjs 22 4424 71 341 @@ -157,7 +157,7 @@ FileType FileNumber ValidLines Positives Negatives Templat .pyi 4 1361 9 .pyp 1 167 1 .pyx 2 1094 23 -.r 4 62 4 2 1 +.r 4 62 5 2 .rake 2 51 2 .rb 834 128817 283 2444 614 .re 1 31 1 @@ -222,7 +222,7 @@ FileType FileNumber ValidLines Positives Negatives Templat .yml 420 36296 546 910 374 .zsh 6 872 12 .zsh-theme 1 97 1 -TOTAL: 10026 16334259 11994 46618 5024 +TOTAL: 10026 16334259 11997 46620 5021 credsweeper result_cnt : 0, lost_cnt : 0, true_cnt : 0, false_cnt : 0 Rules Positives Negatives Templates Reported TP FP TN FN FPR FNR ACC PRC RCL F1 ------------------------------ ----------- ----------- ----------- ---------- ---- ---- ----- ----- -------- -------- -------- ----- -------- ---- @@ -244,7 +244,7 @@ CMD Token 6 0 0 Certificate 24 471 0 0 0 471 24 0.000000 1.000000 0.951515 0.000000 Credential 91 422 76 0 0 498 91 0.000000 1.000000 0.845501 0.000000 Docker Swarm Token 2 0 0 0 0 0 2 1.000000 0.000000 0.000000 -Dropbox App secret 59 139 0 0 0 139 59 0.000000 1.000000 0.702020 0.000000 +Dropbox App secret 59 141 0 0 0 141 59 0.000000 1.000000 0.705000 0.000000 Facebook Access Token 0 1 0 0 0 1 0 0.000000 1.000000 Firebase Domain 6 1 0 0 0 1 6 0.000000 1.000000 0.142857 0.000000 Github Old Token 1 0 0 0 0 0 1 1.000000 0.000000 0.000000 @@ -261,7 +261,7 @@ Key 3911 15717 483 Nonce 93 49 0 0 0 49 93 0.000000 1.000000 0.345070 0.000000 Other 9 7447 5 0 0 7452 9 0.000000 1.000000 0.998794 0.000000 PEM Private Key 1019 1483 0 0 0 1483 1019 0.000000 1.000000 0.592726 0.000000 -Password 1936 7530 2637 0 0 10167 1936 0.000000 1.000000 0.840040 0.000000 +Password 1938 7530 2635 0 0 10165 1938 0.000000 1.000000 0.839874 0.000000 SQL Password 44 13 0 0 0 13 44 0.000000 1.000000 0.228070 0.000000 Salesforce Credentials 2 0 0 0 0 0 2 1.000000 0.000000 0.000000 Salt 48 75 1 0 0 76 48 0.000000 1.000000 0.612903 0.000000 @@ -272,6 +272,6 @@ Stripe Credentials 2 0 0 Tencent WeChat API App ID 6 0 0 0 0 0 6 1.000000 0.000000 0.000000 Token 645 4170 453 0 0 4623 645 0.000000 1.000000 0.877563 0.000000 Twilio Credentials 30 39 0 0 0 39 30 0.000000 1.000000 0.565217 0.000000 -URL Credentials 217 156 209 0 0 365 217 0.000000 1.000000 0.627148 0.000000 +URL Credentials 218 156 208 0 0 364 218 0.000000 1.000000 0.625430 0.000000 UUID 1075 265 0 0 0 265 1075 0.000000 1.000000 0.197761 0.000000 - 11994 46618 5024 0 0 0 46618 11994 0.000000 1.000000 0.795366 0.000000 + 11997 46620 5021 0 0 0 46620 11997 0.000000 1.000000 0.795332 0.000000 diff --git a/meta/0fc802c8.csv b/meta/0fc802c8.csv index 1bc76a1cb..fa42a195b 100644 --- a/meta/0fc802c8.csv +++ b/meta/0fc802c8.csv @@ -43,7 +43,7 @@ Id,FileID,Domain,RepoName,FilePath,LineStart,LineEnd,GroundTruth,WithWords,Value 28099,2cb279b2,GitHub,0fc802c8,data/0fc802c8/other/2cb279b2.md,51,51,T,T,28,37,F,F,Any,,,Secret,2.82,9,F,F,F,Password 28520,d2ddd43d,GitHub,0fc802c8,data/0fc802c8/other/d2ddd43d.md,15,15,Template,F,26,32,F,F,CharsOnly,,,Token,2.25,6,F,F,F,API:Token 28626,2cb279b2,GitHub,0fc802c8,data/0fc802c8/other/2cb279b2.md,117,117,T,T,19,28,F,F,Any,,,Secret,2.82,9,F,F,F,Password -30640,ce4a4371,GitHub,0fc802c8,data/0fc802c8/other/ce4a4371,24,24,Template,T,16,24,F,F,CharsOnly,,,Secret,2.75,8,F,F,F,Password +30640,ce4a4371,GitHub,0fc802c8,data/0fc802c8/other/ce4a4371,24,24,T,T,16,24,F,F,CharsOnly,,,Secret,2.75,8,F,F,F,Password 34138,60eff9d3,GitHub,0fc802c8,data/0fc802c8/src/60eff9d3.yml,6,6,T,T,30,39,F,F,Any,,,Secret,2.82,9,F,F,F,Password 41519,6a2adfaa,GitHub,0fc802c8,data/0fc802c8/src/6a2adfaa.yaml,444,444,T,T,16,33,F,F,CharsOnly,,,Secret,3.41,17,F,F,F,Password 41520,7ae146e0,GitHub,0fc802c8,data/0fc802c8/src/7ae146e0.yml,159,159,F,F,,,F,F,,,,,0,0,F,F,F,Secret diff --git a/meta/28728ab4.csv b/meta/28728ab4.csv index 59c13ece0..acc7889a1 100644 --- a/meta/28728ab4.csv +++ b/meta/28728ab4.csv @@ -165,7 +165,7 @@ Id,FileID,Domain,RepoName,FilePath,LineStart,LineEnd,GroundTruth,WithWords,Value 29061,f0b5d46b,GitHub,28728ab4,data/28728ab4/src/f0b5d46b.toml,17,17,Template,T,31,44,F,F,Any,,,Secret,2.9,13,F,F,F,Password 29121,1749c62f,GitHub,28728ab4,data/28728ab4/src/1749c62f.toml,14,14,Template,F,21,28,F,F,Any,,,Key,2.41,7,F,F,F,API:Key 29122,3ec8668b,GitHub,28728ab4,data/28728ab4/src/3ec8668b.toml,22,22,Template,T,27,54,F,F,Any,,,Secret,3.61,27,F,F,F,Key:Secret -29133,81d18044,GitHub,28728ab4,data/28728ab4/test/81d18044.go,209,209,F,T,34,49,F,F,Any,,,Key,3.89,55,F,F,F,API:Key +29133,81d18044,GitHub,28728ab4,data/28728ab4/test/81d18044.go,209,209,F,T,34,49,F,F,Any,,,Key,3.89,55,F,F,F,API:Key:Dropbox App secret 29136,81d18044,GitHub,28728ab4,data/28728ab4/test/81d18044.go,119,119,F,T,31,46,F,F,Any,,,Key,3.78,55,F,F,F,API:Key 29146,81d18044,GitHub,28728ab4,data/28728ab4/test/81d18044.go,130,130,F,T,31,46,F,F,Any,,,Key,3.8,55,F,F,F,Key:API 29152,87277328,GitHub,28728ab4,data/28728ab4/test/87277328.go,85,85,Template,F,15,17,F,F,CharsOnly,,,Secret,1.0,2,F,F,F,Password @@ -271,7 +271,7 @@ Id,FileID,Domain,RepoName,FilePath,LineStart,LineEnd,GroundTruth,WithWords,Value 30813,2e0df5af,GitHub,28728ab4,data/28728ab4/test/2e0df5af.go,23,23,Template,F,21,24,F,F,CharsOnly,,,Secret,1.58,3,F,F,F,Key:Secret 30814,b58a3506,GitHub,28728ab4,data/28728ab4/test/b58a3506.go,28,28,Template,T,17,23,F,F,CharsOnly,,,Token,2.25,6,F,F,F,Token 30824,dc6fa5f4,GitHub,28728ab4,data/28728ab4/src/dc6fa5f4.toml,14,14,Template,F,23,30,F,F,Any,,,Key,2.41,7,F,F,F,API:Key -30869,b955ab7a,GitHub,28728ab4,data/28728ab4/src/b955ab7a.go,47,47,F,T,84,99,T,F,CharsOnly,,,Key,3.24,15,F,F,F,API:Key +30869,b955ab7a,GitHub,28728ab4,data/28728ab4/src/b955ab7a.go,47,47,F,T,84,99,T,F,CharsOnly,,,Key,3.24,15,F,F,F,API:Key:Dropbox App secret 30889,b955ab7a,GitHub,28728ab4,data/28728ab4/src/b955ab7a.go,46,46,F,T,81,96,T,F,CharsOnly,,,Key,3.24,15,F,F,F,API:Key 30933,04bab67b,GitHub,28728ab4,data/28728ab4/test/04bab67b.go,64,64,F,F,,,F,F,,,,,0,0,F,F,F,Password 30957,df475944,GitHub,28728ab4,data/28728ab4/test/df475944.go,59,59,Template,F,52,58,F,F,,,,,0.0,0,F,F,F,Password diff --git a/meta/49b08818.csv b/meta/49b08818.csv index 2949ee4f1..505b0915c 100644 --- a/meta/49b08818.csv +++ b/meta/49b08818.csv @@ -21,7 +21,7 @@ Id,FileID,Domain,RepoName,FilePath,LineStart,LineEnd,GroundTruth,WithWords,Value 30115,24013877,GitHub,49b08818,data/49b08818/src/24013877.R,4,4,F,F,23,121,F,F,,,,,0.0,0,F,F,F,Auth 30339,1cafa8a2,GitHub,49b08818,data/49b08818/src/1cafa8a2.txt,1,1,F,F,83,90,F,F,,,,,0.0,0,F,F,F,Key 30347,f12dd9ee,GitHub,49b08818,data/49b08818/src/f12dd9ee.txt,1,1,Template,T,51,60,T,F,CharsOnly,,,Secret,3.17,9,F,F,F,Password -30630,5759a792,GitHub,49b08818,data/49b08818/src/5759a792.R,5,5,Template,T,16,25,F,F,CharsOnly,,,Secret,3.17,9,F,F,F,Password +30630,5759a792,GitHub,49b08818,data/49b08818/src/5759a792.R,5,5,T,T,16,25,F,F,CharsOnly,,,Secret,3.17,9,F,F,F,Password 31068,af53983f,GitHub,49b08818,data/49b08818/src/af53983f.py,5,5,Template,F,12,19,F,F,CharsOnly,,,Unknown,2.81,7,F,F,F,Key 31443,17c30e05,GitHub,49b08818,data/49b08818/src/17c30e05.py,4,4,F,F,24,122,F,F,,,,,0.0,0,F,F,F,Auth 32265,341ddfa2,GitHub,49b08818,data/49b08818/src/341ddfa2.ex,10,10,Template,T,49,60,F,F,Any,,,Secret,3.28,11,F,F,F,Password diff --git a/meta/a09d9e50.csv b/meta/a09d9e50.csv index 302f240b0..3f8ac613c 100644 --- a/meta/a09d9e50.csv +++ b/meta/a09d9e50.csv @@ -122,7 +122,7 @@ Id,FileID,Domain,RepoName,FilePath,LineStart,LineEnd,GroundTruth,WithWords,Value 14092,a65a4093,GitHub,a09d9e50,data/a09d9e50/src/a65a4093.ts,61,61,F,F,,,F,F,,,,,0,0,F,F,F,Password 16583,af0e2393,GitHub,a09d9e50,data/a09d9e50/test/af0e2393.asciidoc,10,10,F,F,-1,-1,F,F,,,,,0.0,0,F,F,F,Other 16585,af0e2393,GitHub,a09d9e50,data/a09d9e50/test/af0e2393.asciidoc,9,9,F,F,-1,-1,F,F,,,,,0.0,0,F,F,F,Other -17835,eca12c0a,GitHub,a09d9e50,data/a09d9e50/other/eca12c0a.md,89,89,Template,T,125,133,T,F,CharOnly,,,Secret,2.75,8,F,F,F,URL Credentials +17835,eca12c0a,GitHub,a09d9e50,data/a09d9e50/other/eca12c0a.md,89,89,T,T,125,133,T,F,CharOnly,,,Secret,2.75,8,F,F,F,URL Credentials 17978,3ef20495,GitHub,a09d9e50,data/a09d9e50/test/3ef20495.asciidoc,23,23,F,F,,,F,F,,,,,0,0,F,F,F,API 28949,0391cf43,GitHub,a09d9e50,data/a09d9e50/test/0391cf43.js,303,303,Template,F,19,22,F,F,CharsOnly,,,Secret,1.58,3,F,F,F,Password 28982,f5b179ce,GitHub,a09d9e50,data/a09d9e50/src/f5b179ce.asciidoc,60,60,Template,T,13,21,F,F,CharsOnly,,,Secret,2.75,8,F,F,F,Password From 261c72310bc14b3bc37606d5a37ead0e54bf89d8 Mon Sep 17 00:00:00 2001 From: Roman Babenko Date: Wed, 19 Feb 2025 11:07:35 +0200 Subject: [PATCH 3/3] action update --- .github/workflows/review.yml | 38 ++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml index 453500052..d07618cfe 100644 --- a/.github/workflows/review.yml +++ b/.github/workflows/review.yml @@ -21,12 +21,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - 2025.01.20 with: egress-policy: audit - name: Checkout CredData - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23 with: ref: ${{ github.event.pull_request.head.sha }} @@ -40,7 +40,7 @@ jobs: - name: Cache head review id: cache-data - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - 2024.12.05 with: path: | review_head.txt @@ -50,7 +50,7 @@ jobs: - name: Cache tmp if: steps.cache-data.outputs.cache-hit != 'true' id: cache-tmp - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - 2024.12.05 with: path: tmp key: cred-data-${{ hashFiles('snapshot.yaml') }} @@ -61,7 +61,7 @@ jobs: - name: Set up Python 3.10 if: steps.cache-data.outputs.cache-hit != 'true' - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 - 2025.01.28 with: python-version: "3.10" @@ -86,7 +86,7 @@ jobs: - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09 with: name: review_head path: | @@ -105,12 +105,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - 2025.01.20 with: egress-policy: audit - name: Checkout CredData - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23 with: ref: ${{ github.event.pull_request.base.sha }} @@ -124,7 +124,7 @@ jobs: - name: Cache base review id: cache-data - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - 2024.12.05 with: path: | review_base.txt @@ -134,7 +134,7 @@ jobs: - name: Cache tmp if: steps.cache-data.outputs.cache-hit != 'true' id: cache-tmp - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - 2024.12.05 with: path: tmp key: cred-data-${{ hashFiles('snapshot.yaml') }} @@ -145,7 +145,7 @@ jobs: - name: Set up Python 3.10 if: steps.cache-data.outputs.cache-hit != 'true' - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 - 2025.01.28 with: python-version: "3.10" @@ -160,7 +160,7 @@ jobs: - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09 with: name: review_base path: | @@ -178,7 +178,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - 2025.01.20 with: egress-policy: audit @@ -186,7 +186,7 @@ jobs: run: sudo apt update && sudo apt install colorized-logs - name: Download all workflow run artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - 2024.07.05 - name: Get diff for review run: | @@ -199,7 +199,7 @@ jobs: - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09 with: name: review_diff path: | @@ -215,17 +215,17 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - 2025.01.20 with: egress-policy: audit - name: Checkout CredData - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23 with: ref: ${{ github.event.pull_request.head.sha }} - name: Set up Python 3.10 - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 - 2025.01.28 with: python-version: "3.10" @@ -272,7 +272,7 @@ jobs: - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09 with: name: reports path: |