From 570cd926cd9d81217009010cf740cb6e18bf4267 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:37:50 -0400 Subject: [PATCH] Switch github upload sarif to tag GitHub owed actions are allowed to use tags instead of SHAs Co-authored-by: Jacob Wallraff --- code-scanning/endorlabs.yml | 2 +- code-scanning/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml index 7f3951a..cea041d 100644 --- a/code-scanning/endorlabs.yml +++ b/code-scanning/endorlabs.yml @@ -46,6 +46,6 @@ jobs: ci_run: "false" sarif_file: findings.sarif - name: Upload SARIF to github - uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: findings.sarif diff --git a/code-scanning/scorecard.yml b/code-scanning/scorecard.yml index d7474f9..b58ec1f 100644 --- a/code-scanning/scorecard.yml +++ b/code-scanning/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif