Merge pull request #2504 from step-security/update-templates-main

varunsh-coder · web-flow · commit d48f26d5fc52 · 2025-02-01T11:40:57.000-08:00
Update templates main
diff --git a/remediation/workflow/hardenrunner/addaction.go b/remediation/workflow/hardenrunner/addaction.go
@@ -12,7 +12,7 @@ import (
 
 const (
 	HardenRunnerActionPath = "step-security/harden-runner"
-	HardenRunnerActionName = "Harden Runner"
+	HardenRunnerActionName = "Harden the runner (Audit all outbound calls)"
 )
 
 func AddAction(inputYaml, action string, pinActions, pinToImmutable bool) (string, bool, error) {
diff --git a/testfiles/addaction/output/2jobs.yml b/testfiles/addaction/output/2jobs.yml
@@ -5,7 +5,7 @@ jobs:
   list-directory:
     runs-on: ubuntu-latest
     steps:
-     - name: Harden Runner
+     - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
@@ -14,7 +14,7 @@ jobs:
   list-directory1:
     runs-on: ubuntu-latest
     steps:
-     - name: Harden Runner
+     - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
diff --git a/testfiles/addaction/output/action-issues.yml b/testfiles/addaction/output/action-issues.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Harden Runner
+    - name: Harden the runner (Audit all outbound calls)
       uses: step-security/harden-runner@v2
       with:
         egress-policy: audit
diff --git a/testfiles/addaction/output/alreadypresent.yml b/testfiles/addaction/output/alreadypresent.yml
@@ -10,7 +10,7 @@ jobs:
   list-directory1:
     runs-on: ubuntu-latest
     steps:
-     - name: Harden Runner
+     - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
diff --git a/testfiles/addworkflow/expected-scorecards.yml b/testfiles/addworkflow/expected-scorecards.yml
@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/testfiles/secureworkflow/output/allscenarios.yml b/testfiles/secureworkflow/output/allscenarios.yml
@@ -14,7 +14,7 @@ jobs:
       statuses: write  # for github/super-linter to mark status of each linter run
     runs-on: ubuntu-latest  
     steps:
-      - name: Harden Runner
+      - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
         with:
           egress-policy: audit
diff --git a/testfiles/secureworkflow/output/missingaction.yml b/testfiles/secureworkflow/output/missingaction.yml
@@ -8,7 +8,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest  
     steps:
-      - name: Harden Runner
+      - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
         with:
           egress-policy: audit
diff --git a/testfiles/secureworkflow/output/noperms.yml b/testfiles/secureworkflow/output/noperms.yml
@@ -8,7 +8,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest  
     steps:
-      - name: Harden Runner
+      - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
         with:
           egress-policy: audit
diff --git a/testfiles/secureworkflow/output/nopin.yml b/testfiles/secureworkflow/output/nopin.yml
@@ -14,7 +14,7 @@ jobs:
       statuses: write  # for github/super-linter to mark status of each linter run
     runs-on: ubuntu-latest  
     steps:
-      - name: Harden Runner
+      - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@v2
         with:
           egress-policy: audit
diff --git a/workflow-templates/scorecards.yml b/workflow-templates/scorecards.yml
@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ import (`
`12`	`12`
`13`	`13`	`const (`
`14`	`14`	`HardenRunnerActionPath = "step-security/harden-runner"`
`15`		`- HardenRunnerActionName = "Harden Runner"`
	`15`	`+ HardenRunnerActionName = "Harden the runner (Audit all outbound calls)"`
`16`	`16`	`)`
`17`	`17`
`18`	`18`	`func AddAction(inputYaml, action string, pinActions, pinToImmutable bool) (string, bool, error) {`