diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml
index 151bb33..877e22d 100644
--- a/.github/workflows/on-push-verification.yml
+++ b/.github/workflows/on-push-verification.yml
@@ -16,14 +16,15 @@ jobs:
 # Checkout your code repository to scan
 - uses: actions/checkout@v2
- # Ensure a compatible version of dotnet is installed.
- # The [Microsoft Security Code Analysis CLI](https://aka.ms/msca-nuget) is built with dotnet v3.1.201.
- # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
- # Remote agents already have a compatible version of dotnet installed and this step may be skipped.
- # For local agents, ensure dotnet version 3.1.201 or later is installed by including this action:
+ # Ensure a compatible version of dotnet is installed.
+ # The [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) is built with net6.0
+ # A version greater than or equal to net6.0 of dotnet must be installed on the agent in order to run this action.
+ # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+
+ # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
 # - uses: actions/setup-dotnet@v1
 # with:
- # dotnet-version: '3.1.x'
+ # dotnet-version: '6.0.x'
 # Run open source static analysis tools
 - name: Run OSSAR
diff --git a/.github/workflows/sample-workflow-ubuntu-latest.yml b/.github/workflows/sample-workflow-ubuntu-latest.yml
index 3b2c983..30ad086 100644
--- a/.github/workflows/sample-workflow-ubuntu-latest.yml
+++ b/.github/workflows/sample-workflow-ubuntu-latest.yml
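Review bot: The added comment `# For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:` still names the old 3.1.201 floor, although the lines just above it now require net6.0 and the sample below it pins `'6.0.x'`; it should read `# For self-hosted runners, ensure dotnet 6.0 or later is installed by including this action:`. The same stale line is added in the sample-workflow-ubuntu-latest.yml and sample-workflow-windows-latest.yml hunks. An operator who follows it literally on a self-hosted runner would install a runtime older than the one the CLI is said to be built with, and the analysis step would presumably fail instead of producing results. The README.md hunk in this commit has a related slip: it replaces `dotnet-version: '3.1.x'` with `# dotnet-version: '6.0.x'`, which leaves the snippet's `with:` block empty, so the leading `#` looks like a paste from these commented-out samples. The `jobs:` block this comment sits in starts and continues outside the hunk.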
@@ -22,13 +22,14 @@ jobs:
 - uses: actions/checkout@v2
 # Ensure a compatible version of dotnet is installed.
- # The [Microsoft Security Code Analysis CLI](https://aka.ms/msca-nuget) is built with dotnet v3.1.201.
- # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
+ # The [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) is built with net6.0
+ # A version greater than or equal to net6.0 of dotnet must be installed on the agent in order to run this action.
 # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+ # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
 # - uses: actions/setup-dotnet@v1
 # with:
- # dotnet-version: '3.1.x'
+ # dotnet-version: '6.0.x'
 # Run open source static analysis tools
 - name: Run OSSAR
diff --git a/.github/workflows/sample-workflow-windows-latest.yml b/.github/workflows/sample-workflow-windows-latest.yml
index 0597856..a74f92d 100644
--- a/.github/workflows/sample-workflow-windows-latest.yml
+++ b/.github/workflows/sample-workflow-windows-latest.yml
@@ -22,13 +22,14 @@ jobs:
 - uses: actions/checkout@v2
 # Ensure a compatible version of dotnet is installed.
- # The [Microsoft Security Code Analysis CLI](https://aka.ms/msca-nuget) is built with dotnet v3.1.201.
- # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
+ # The [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) is built with net6.0
+ # A version greater than or equal to net6.0 of dotnet must be installed on the agent in order to run this action.
 # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+ # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
 # - uses: actions/setup-dotnet@v1
 # with:
- # dotnet-version: '3.1.x'
+ # dotnet-version: '6.0.x'
 # Run open source static analysis tools
 - name: Run OSSAR
diff --git a/README.md b/README.md
index b806366..072ac58 100644
--- a/README.md
+++ b/README.md
@@ -11,9 +11,9 @@ The OSSAR action is currently in beta and runs on the `windows-latest` queue, as
 # Overview
-This action runs the [Microsoft Security Code Analysis CLI](https://aka.ms/msca-nuget) for security analysis by:
+This action runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis by:
-* Installing the Microsoft Security Code Analysis CLI
+* Installing the Microsoft Security DevOps CLI
 * Installing the latest policy or referencing the local `policy/github.gdnpolicy` file
 * Installing the latest open source tools
 * Automatic or user-provided configuration of static analysis tools
@@ -53,12 +53,12 @@ steps: sarif_file: ${{ steps.ossar.outputs.sarifFile }} ``` -**Note:** The [Microsoft Security Code Analysis CLI](https://aka.ms/msca-nuget) is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the [actions/setup-dotnet](https://github.com/actions/setup-dotnet) action. +**Note:** The [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) is built with net6.0. A version greater than or equal to net6.0 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the [actions/setup-dotnet](https://github.com/actions/setup-dotnet) action. ``` - uses: actions/setup-dotnet@v1 with: - dotnet-version: '3.1.x' + # dotnet-version: '6.0.x' ``` ## Upload Results to the Security tab diff --git a/policy/github.nuspec b/policy/github.nuspec index b414aa7..05b2303 100644 --- a/policy/github.nuspec +++ b/policy/github.nuspec @@ -3,9 +3,9 @@ Microsoft.Security.CodeAnalysis.Policy.GitHub 1.1.0 - Microsoft Security Code Analysis Policy for GitHub. + Microsoft Security DevOps Policy for GitHub. Microsoft - https://aka.ms/msca-nuget + https://aka.ms/msdo-nuget en-US MS-PL false