Skip to content

Commit dba834a

Browse files
ci: pin dependencies
Signed-off-by: StepSecurity Bot <[email protected]>
1 parent eeacb32 commit dba834a

File tree

3 files changed

+9
-9
lines changed

3 files changed

+9
-9
lines changed

.github/workflows/codeql.yml

+4-4
Original file line numberDiff line numberDiff line change
@@ -41,11 +41,11 @@ jobs:
4141

4242
steps:
4343
- name: Checkout repository
44-
uses: actions/checkout@v4
44+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4545

4646
# Initializes the CodeQL tools for scanning.
4747
- name: Initialize CodeQL
48-
uses: github/codeql-action/init@v3
48+
uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
4949
with:
5050
languages: ${{ matrix.language }}
5151
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
5555
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5656
# If this step fails, then you should remove it and run the build manually (see below)
5757
- name: Autobuild
58-
uses: github/codeql-action/autobuild@v3
58+
uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
5959

6060
# ℹ️ Command-line programs to run using the OS shell.
6161
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -68,6 +68,6 @@ jobs:
6868
# ./location_of_script_within_repo/buildscript.sh
6969

7070
- name: Perform CodeQL Analysis
71-
uses: github/codeql-action/analyze@v3
71+
uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
7272
with:
7373
category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,6 @@ jobs:
1717
runs-on: ubuntu-latest
1818
steps:
1919
- name: 'Checkout Repository'
20-
uses: actions/checkout@v4
20+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2121
- name: 'Dependency Review'
22-
uses: actions/dependency-review-action@v4
22+
uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/scorecards.yml

+3-3
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ jobs:
3636

3737
steps:
3838
- name: "Checkout code"
39-
uses: actions/checkout@v4
39+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4040
with:
4141
persist-credentials: false
4242

@@ -63,14 +63,14 @@ jobs:
6363
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
6464
# format to the repository Actions tab.
6565
- name: "Upload artifact"
66-
uses: actions/upload-artifact@v4
66+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
6767
with:
6868
name: SARIF file
6969
path: results.sarif
7070
retention-days: 5
7171

7272
# Upload the results to GitHub's code scanning dashboard.
7373
- name: "Upload to code-scanning"
74-
uses: github/codeql-action/upload-sarif@v3
74+
uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
7575
with:
7676
sarif_file: results.sarif

0 commit comments

Comments
 (0)