[NRL-1922] Enforce https when using curl in workflows

mattdean3-nhs · mattdean3-nhs · commit 1f0965ebd457 · 2026-03-11T15:38:34.000Z
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -60,7 +60,7 @@ jobs:
         run: |
           DOWNLOAD_URL="https://github.com/anchore/syft/releases/download/v${{ env.SYFT_VERSION }}/syft_${{ env.SYFT_VERSION }}_linux_${{ steps.os-arch.outputs.arch }}.tar.gz"
           echo "Downloading: ${DOWNLOAD_URL}"
-          curl -L -o syft.tar.gz "${DOWNLOAD_URL}"
+          curl --proto '=https' --tlsv1.2 --location --output syft.tar.gz "${DOWNLOAD_URL}"
           tar -xzf syft.tar.gz
           chmod +x syft
           # Add to PATH for subsequent steps
