diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 95a6f4b..8f44f8d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,7 +36,7 @@ jobs: - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -50,7 +50,7 @@ jobs: echo ' make release' exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3 with: category: "/language:${{matrix.language}}" # we don't want to upload security vulns for code that is not merged yet diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 62ddbdb..6752bb6 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -35,7 +35,7 @@ jobs: # generate the SARIF file to upload to the GitHub Advanced Security Dashboard - run: semgrep ci --sarif > semgrep.sarif - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3 with: sarif_file: semgrep.sarif # we don't want to upload security vulns for code that is not merged yet diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index c99c03a..804464f 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -45,12 +45,12 @@ jobs: - name: display json output run: cat snyk-os.sarif - name: Upload snyk code result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3 with: sarif_file: snyk-code.sarif - name: display json output run: cat snyk-code.sarif - name: Upload snyk open source result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3 with: sarif_file: snyk-os.sarif