Skip to content

Commit 1f0965e

Browse files
committed
[NRL-1922] Enforce https when using curl in workflows
1 parent 5d44a74 commit 1f0965e

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

.github/workflows/release.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ jobs:
6060
run: |
6161
DOWNLOAD_URL="https://github.com/anchore/syft/releases/download/v${{ env.SYFT_VERSION }}/syft_${{ env.SYFT_VERSION }}_linux_${{ steps.os-arch.outputs.arch }}.tar.gz"
6262
echo "Downloading: ${DOWNLOAD_URL}"
63-
curl -L -o syft.tar.gz "${DOWNLOAD_URL}"
63+
curl --proto '=https' --tlsv1.2 --location --output syft.tar.gz "${DOWNLOAD_URL}"
6464
tar -xzf syft.tar.gz
6565
chmod +x syft
6666
# Add to PATH for subsequent steps

0 commit comments

Comments
 (0)