diff --git a/.github/workflows/_reusable-codeql-analysis.yml b/.github/workflows/_reusable-codeql-analysis.yml index ebe9a430..1bbd2097 100644 --- a/.github/workflows/_reusable-codeql-analysis.yml +++ b/.github/workflows/_reusable-codeql-analysis.yml @@ -27,12 +27,12 @@ jobs: - name: Checkout repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Initialize CodeQL - uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: languages: ${{ matrix.language }} queries: ${{ inputs.codeql-queries }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: category: /language:${{matrix.language}} # Check that all jobs passed diff --git a/.github/workflows/_reusable-sbom-scan.yml b/.github/workflows/_reusable-sbom-scan.yml index 08f76ba3..4d63324a 100644 --- a/.github/workflows/_reusable-sbom-scan.yml +++ b/.github/workflows/_reusable-sbom-scan.yml @@ -52,6 +52,6 @@ jobs: if-no-files-found: error - name: Upload SBOM scan SARIF report to GitHub UI Security tab if: ${{ always() && github.event_name != 'pull_request' && contains(fromJSON('["success", "failure"]'), steps.scan.outcome) }} - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: ${{ steps.scan.outputs.sarif }}