
Commit c3339da

committed
added sha pinning
1 parent 6b8d181 commit c3339da

2 files changed

+15
-15
lines changed


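--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -21,26 +21,26 @@ jobs:
 
 steps:
 - name: Checkout code
-uses: actions/checkout@v4
+uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 with:
 persist-credentials: false
 
 - name: Run analysis
-uses: ossf/scorecard-action@v2.4.0
+uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
 with:
 results_file: results.sarif
 results_format: sarif
 repo_token: ${{ secrets.GITHUB_TOKEN }}
 publish_results: true
 
 - name: Upload artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: SARIF file
 path: results.sarif
 retention-days: 5
 
 - name: Upload to code-scanning
-uses: github/codeql-action/upload-sarif@v3
+uses: github/codeql-action/upload-sarif@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
 with:
 sarif_file: results.sarif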
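Review bot: The four pinned `uses:` lines now freeze each action at a single commit, so nothing will move them forward when those actions ship fixes, and the diffstat shows only the two workflow files changed with no updater configuration alongside. Consider adding a `.github/dependabot.yml` entry for the `github-actions` ecosystem (or an equivalent Renovate rule) so the SHA and its trailing `# vX.Y.Z` comment are bumped together; the comment is what such tools use to track the version, so keep its `# v4.3.0` form on every pinned line. I cannot verify from this page that each SHA resolves to the release named in its comment; confirm the mapping against the upstream tag before merging, since a mismatched comment would mislead the next reviewer about what actually runs.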

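--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -29,20 +29,20 @@ jobs:
 contents: read
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
 - name: Setup Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version-file: "go.mod"
 
 - name: Initialize CodeQL
-uses: github/codeql-action/init@v3
+uses: github/codeql-action/init@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
 with:
 languages: go
 
 - name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@v3
+uses: github/codeql-action/analyze@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
 with:
 category: "/language:go"
 
@@ -54,18 +54,18 @@ jobs:
 contents: read
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
 - name: Setup Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version-file: "go.mod"
 
 - name: Build binary for linux/amd64
 run: make build/linux/amd64
 
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v3
+uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
 - name: Build Docker image
 id: build
@@ -78,28 +78,28 @@ jobs:
 echo "image=code-marketplace:scan" >> "$GITHUB_OUTPUT"
 
 - name: Run Trivy vulnerability scanner (table output for logs)
-uses: aquasecurity/trivy-action@0.28.0
+uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
 with:
 image-ref: ${{ steps.build.outputs.image }}
 format: "table"
 severity: "LOW,MEDIUM,HIGH,CRITICAL"
 
 - name: Run Trivy vulnerability scanner (SARIF output for GitHub)
-uses: aquasecurity/trivy-action@0.28.0
+uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
 with:
 image-ref: ${{ steps.build.outputs.image }}
 format: "sarif"
 output: "trivy-results.sarif"
 severity: "LOW,MEDIUM,HIGH,CRITICAL"
 
 - name: Upload Trivy scan results to GitHub Security tab
-uses: github/codeql-action/upload-sarif@v3
+uses: github/codeql-action/upload-sarif@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
 with:
 sarif_file: "trivy-results.sarif"
 category: "Trivy"
 
 - name: Upload Trivy scan results as artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: trivy-results
 path: trivy-results.sarif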
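Review bot: The `Setup Go` step in the first hunk (and again in the second) is not a pure pin: the old ref was `actions/setup-go@v5` and the new SHA is annotated `# v6.0.0`, so a major-version upgrade is bundled into a commit described as "added sha pinning". Every other pinned line stays within its previous major (checkout v4, codeql-action v3, upload-artifact v4, setup-buildx-action v3, trivy-action 0.28.0), which makes this one easy to miss in review. Confirm the bump to v6 is intentional and that both Go jobs still pass with `go-version-file: "go.mod"` under it, or split it into its own commit so the pinning change stays behaviour-neutral and easy to revert. As in the Scorecard workflow, the frozen SHAs need an updater (Dependabot `github-actions` or Renovate) to keep receiving fixes; none is added in this commit.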
