aboutsummaryrefslogtreecommitdiff
path: root/.github/workflows/scorecards.yml
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows/scorecards.yml')
-rw-r--r--.github/workflows/scorecards.yml8
1 files changed, 4 insertions, 4 deletions
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8a693fa2..a5d5f02a 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -27,12 +27,12 @@ jobs:
steps:
- name: "Checkout code"
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v3
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # tag=v2.1.2
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # tag=v2.3.1
with:
results_file: results.sarif
results_format: sarif
@@ -51,7 +51,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # tag=v4.3.1
with:
name: SARIF file
path: results.sarif
@@ -59,6 +59,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@67a35a08586135a9573f4327e904ecbf517a882d # tag=v2.2.8
+ uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # tag=v3.24.7
with:
sarif_file: results.sarif
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 18:36:15 +0000