Merge pull request #25 from GeorgeDavis-Ibexlabs/dev

Merge from `dev` to `main` to incorporate `minor-fixes`

Author: GeorgeDavis-Ibexlabs

.github/workflows/build-ci.yml

@@ -29,11 +29,11 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - name: Git Checkout
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.2
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v44.5.7
+        uses: tj-actions/changed-files@v46.0.5
         with:
           files_ignore: |
             .github/**            
@@ -56,25 +56,25 @@ jobs:
 
       - name: Set up Docker Buildx
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3.11.1
 
       - name: Log in to Docker Hub
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v3.4.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         if: steps.changed-files.outputs.any_changed == 'true'
         id: meta
-        uses: docker/metadata-action@v5.5.1
+        uses: docker/metadata-action@v5.7.0
         with:
           images: georgedavisibexlabs/publish-sarif-to-jira
 
       - name: Build Docker image
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: docker/build-push-action@v6.6.1
+        uses: docker/build-push-action@v6.18.0
         with:
           context: .
           file: Dockerfile
@@ -85,32 +85,31 @@ jobs:
 
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.32.0
         with:
           scan-type: "fs"
           format: "github"
           output: "dependency-results.sbom.json"
-          image-ref: "georgedavisibexlabs/publish-sarif-to-jira:main"
           github-pat: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload trivy SBOM as a Github artifact
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/upload-artifact@v4.3.6
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: trivy-sbom-report
           path: trivy-dependency-results.sbom.json
           retention-days: 30
 
       - name: Run Trivy Image scanner
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.32.0
         with:
           scan-type: "image"
           image-ref: "georgedavisibexlabs/publish-sarif-to-jira:main"
           limit-severities-for-sarif: true
           trivy-config: .github/config/trivy-sarif.yaml
 
       - name: Upload Trivy Image scan results
-        uses: actions/upload-artifact@v4.3.6
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: trivy-image-scan-results
           path: trivy-image-scan-results.sarif

.github/workflows/docker-publish.yml

@@ -30,25 +30,25 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3.11.1
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v3.4.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5.5.1
+        uses: docker/metadata-action@v5.7.0
         with:
           images: georgedavisibexlabs/publish-sarif-to-jira
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v6.6.1
+        uses: docker/build-push-action@v6.18.0
         with:
           context: .
           file: Dockerfile
@@ -58,7 +58,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Update Docker Hub description
-        uses: peter-evans/dockerhub-description@v4.0.0
+        uses: peter-evans/dockerhub-description@v4.0.2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -68,15 +68,15 @@ jobs:
           enable-url-completion: true
 
       - name: Run Trivy Image scanner
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.32.0
         with:
           scan-type: 'image'
           image-ref: 'georgedavisibexlabs/publish-sarif-to-jira:main'
           limit-severities-for-sarif: true
           trivy-config: .github/config/trivy-sarif.yaml
 
       - name: Upload Trivy Image scan results
-        uses: actions/upload-artifact@v4.3.6
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: trivy-image-scan-results
           path: trivy-image-scan-results.sarif

DOCKER.md

@@ -56,7 +56,7 @@ Project Status: **In Active Development**
 
 ```
     - name: Create JIRA tickets from SARIF
-      uses: GeorgeDavis-Ibexlabs/publish-sarif-to-jira@v0.0.12
+      uses: GeorgeDavis-Ibexlabs/publish-sarif-to-jira@v0.0.13
 ```
 Refer to [Create JIRA tickets from SARIF using GitHub Actions](https://github.com/marketplace/actions/create-jira-tickets-from-sarif)
 

README.md

@@ -55,7 +55,7 @@ Project Status: **In Active Development**
 
 ```
     - name: Create JIRA tickets from SARIF
-      uses: GeorgeDavis-Ibexlabs/publish-sarif-to-jira@v0.0.12
+      uses: GeorgeDavis-Ibexlabs/publish-sarif-to-jira@v0.0.13
 ```
 Refer to [Create JIRA tickets from SARIF using GitHub Actions](https://github.com/marketplace/actions/create-jira-tickets-from-sarif)
 

config_handler/config_handler.py

@@ -146,7 +146,8 @@ def load_config_env(self) -> dict:
                         if environ['GITHUB_ACTIONS']:
                             list_item = 'INPUT_' + list_item
 
-                    self.logger.debug('Config `' + str(list_item) + '` within parent `' + str(parent_item) + '` - ' + str(environ[list_item.replace('.', '_').upper()]))
+                    self.logger.debug('Config `' + str(list_item) + '` within parent `' + str(parent_item))
+                    self.logger.debug('Config value - ' + str(environ[list_item.replace('.', '_').upper()]))
 
                     item_path = list_item.split('.')
                     for item in reversed(item_path):

requirements.txt

@@ -2,5 +2,5 @@ atlassian_doc_builder==0.4
 jira==3.8.0
 mergedeep==1.3.4
 python_json_config==1.2.3
-setuptools==69.1.0
-sarif-tools==2.0.0
+setuptools==80.9.0
+sarif-tools==3.0.4