diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index a1c00789..2d2ae020 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Get name id: name
@@ -26,12 +26,12 @@ jobs: run: syft ${{ steps.rockcraft.outputs.rock }} -o spdx-json=${{ steps.name.outputs.name }}.sbom.json - name: Upload SBOM - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: ${{ steps.name.outputs.name }}-sbom path: "${{ steps.name.outputs.name }}.sbom.json" - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: rock path: ${{ steps.rockcraft.outputs.rock }}
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 9683f485..b9a2d618 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Log in to the Container registry uses: docker/login-action@a5609cb39f57be157c39b77359abfaa43aeaeb8f
@@ -26,7 +26,7 @@ jobs: run: | sudo snap install yq - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: rock
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 0396fc1c..dc642d7d 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Get name and version id: image_info
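Review bot: The trailing `# v3` on the pinned `actions/checkout` line in the first build.yaml hunk names the moving major tag rather than the release the SHA was taken from, so a reader cannot check the hash against a specific tag and a later bump is hard to audit. Record the exact release instead, e.g. `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # vX.Y.Z` (placeholder for the real tag). The same applies to the `upload-artifact`, `download-artifact` and `upload-sarif` pins in the other hunks, and the already pinned `docker/login-action` line in publish.yaml carries no version comment at all. If the repository has no update automation for actions (not visible in this diff), the pins will quietly go stale, so a Dependabot entry with `package-ecosystem: "github-actions"` would be worth adding alongside.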
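Review bot: In the second build.yaml hunk the unchanged `run: syft ${{ steps.rockcraft.outputs.rock }} …` line expands step outputs directly into the script text, so any shell metacharacter in those outputs is interpreted by the runner's shell before `syft` sees it. Where the `name` and `rockcraft` outputs come from is outside the hunk; if they are derived from files in the checked-out tree, a pull request can influence them. Passing the values through `env:` and quoting the variables keeps them as data. The step's `name:` line is above the hunk.

```yaml
# … unchanged: step name above the hunk …
env:
  ROCK: ${{ steps.rockcraft.outputs.rock }}
  SBOM_NAME: ${{ steps.name.outputs.name }}
run: syft "$ROCK" -o "spdx-json=${SBOM_NAME}.sbom.json"
```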
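Review bot: The publish job still runs `sudo snap install yq` (context of the second publish.yaml hunk), which installs whatever revision the default channel serves at run time, in the same job that logs in to the container registry. With the actions in these hunks now pinned to commits, this is an unpinned download left on the publishing path. Pin it to a known revision, e.g. `sudo snap install yq --revision=<REVISION>` (placeholder), or install a checksum-verified binary instead. The `run: |` step begins above the hunk, so the rest of the script is not visible here.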
@@ -25,6 +25,6 @@ jobs: output: 'trivy-results.sarif' - name: Upload scan results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2 with: sarif_file: 'trivy-results.sarif'
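Review bot: The step that writes `trivy-results.sarif` starts above this hunk, so its `uses:` reference is not visible; if it still points at a tag or branch it remains an unpinned third-party action in scan.yaml and should get the same full-SHA treatment as `upload-sarif`. It is also worth confirming that the job declares only the permissions the upload needs, e.g. a `permissions:` block with `security-events: write` and `contents: read`, since the workflow header is outside the diff.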