diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b4b5d425..421ff9aa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -58,7 +58,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3 + uses: github/codeql-action/init@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -84,6 +84,6 @@ jobs: echo ' make release' exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3 + uses: github/codeql-action/analyze@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/semgrep-code-scan.yml b/.github/workflows/semgrep-code-scan.yml index 25f08f6c..01c05f01 100644 --- a/.github/workflows/semgrep-code-scan.yml +++ b/.github/workflows/semgrep-code-scan.yml @@ -43,7 +43,7 @@ jobs: # and add it to your GitHub secrets. SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3 + uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3 with: sarif_file: semgrep.sarif if: always() diff --git a/.github/workflows/snyk-security-scan.yml b/.github/workflows/snyk-security-scan.yml index 7d55b820..cafb442e 100644 --- a/.github/workflows/snyk-security-scan.yml +++ b/.github/workflows/snyk-security-scan.yml @@ -80,6 +80,6 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3 + uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3 with: sarif_file: snyk-code.sarif