pin actions

This commit is contained in:
laurentsimon
2021-12-28 17:49:56 +00:00
parent a00db4437c
commit a894da71d1
+5 -5
View File
@@ -20,7 +20,9 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@v1
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@59f9117686133e93b60a8f23131f87089a076e1b
@@ -56,8 +58,7 @@ jobs:
# https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
# This is optional.
- name: "Upload artifact"
# Note: scorecard will flag this line if not pinned by hash.
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
with:
name: SARIF file
path: results.sarif
@@ -66,7 +67,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
# This is required to visualize the results on GitHub website.
- name: "Upload to code-scanning"
# Note: scorecard will flag this line if not pinned by hash.
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
with:
sarif_file: results.sarif