Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code Scanning Alert- pin dependency by hash #5966

Merged
merged 1 commit into from
Jan 12, 2024
Merged

Code Scanning Alert- pin dependency by hash #5966

merged 1 commit into from
Jan 12, 2024

Conversation

Khatraf
Copy link
Contributor

@Khatraf Khatraf commented Jan 12, 2024
edited
Loading

A reference to the issue / Description of it

Pinned-Dependency
#4998

How does this PR fix the problem?

Pins each Action to an immutable checksum as recommended by GitHub's Security Hardening guide.

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

@Khatraf Khatraf requested a review from a team as a code owner January 12, 2024 11:54
@github-actions GitHub Actions
Copy link
Contributor

Checkov Scan Success

Show Output 
*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan

Show Output 



      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
        





      

  
          

  

    
  

  


        
        @Khatraf
  Khatraf



        merged commit a24e869
      into

      
  
    main
  


    Jan 12, 2024

      

        5 checks passed
      


      

        
          
  
    
    

        
      

  







  

  
  

  
      @Khatraf
  Khatraf


    
    deleted the
    
      
        fix/pinned-dependencies
    
    branch

    January 12, 2024 11:59    
    













  
  

    

      

  




    


    

      

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
          




      

  

    
    

    
  

    Reviewers
  


    


        

          

  
      @davidkelliott
  
    davidkelliott



          
            
              
            
          
          davidkelliott approved these changes

        


      






    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    github-workflow









      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  



          


Successfully merging this pull request may close these issues.



  


    
  




      

    

  
      

  

    

      2 participants
    

    

        
          @Khatraf 
        
          @davidkelliott