diff --git a/.github/workflows/matrix.json b/.github/workflows/matrix.json index a0c8a97c..e2a69468 100644 --- a/.github/workflows/matrix.json +++ b/.github/workflows/matrix.json @@ -1,3 +1,3 @@ { - "include": [{ "ruby": "3.1" }, { "ruby": "3.2" }, { "ruby": "3.3" }] + "include": [{ "ruby": "3.3" }, { "ruby": "3.4" }] } diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml index 0af4ad9b..d134e1e6 100644 --- a/.github/workflows/sca_scan.yml +++ b/.github/workflows/sca_scan.yml @@ -8,8 +8,8 @@ jobs: snyk-cli: uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main with: - additional-arguments: "--exclude=README.md,.jfrog" + ruby-version: "3.4" + additional-arguments: "--exclude=README.md,.jfrog,examples" pre-scan-commands: | - gem install bundler bundle install secrets: inherit \ No newline at end of file diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml deleted file mode 100644 index afb53267..00000000 --- a/.github/workflows/semgrep.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: Semgrep - -on: - merge_group: - pull_request: - types: - - opened - - synchronize - push: - branches: - - master - - v6 - schedule: - - cron: '30 0 1,15 * *' - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/v6' }} - -jobs: - run: - name: Check for Vulnerabilities - runs-on: ubuntu-latest - - container: - image: returntocorp/semgrep - - steps: - - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' - run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. - - - uses: actions/checkout@v6 - with: - ref: ${{ github.event.pull_request.head.sha || github.ref }} - - - run: semgrep ci - env: - SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}