4620c76b38
* update action hashes and version comments

ossf/scorecard-action v2.1.2 is old and doesn't work after a Sigstore change.
https://blog.sigstore.dev/tuf-root-update/

Signed-off-by: Spencer Schrock <sschrock@google.com>

* downgrade actions/upload-artifact to node20 version of v3

dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so use that so it can upgrade the comment

Signed-off-by: Spencer Schrock <sschrock@google.com>

* upgrade github/codeql-action/upload-sarif to v3.24.9

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>
Code Scanning Workflows
GitHub code scanning is a developer-first, GitHub-native approach to finding security vulnerabilities before they reach production. Before you can configure code scanning for a repository, you must enable it by adding a GitHub Actions workflow to the repository. The workflows here pin each third-party action to a full commit hash and keep a version comment next to the hash (for example `# v3.24.9`) so that Dependabot can recognize the pinned version and propose upgrades. For more information, see Setting up code scanning for a repository.
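The commit above updates action hashes and their version comments; the paragraph above says a workflow file is what enables code scanning. The following checker, added here as an example and not code from the starter-workflows repository, ties the two together: it scans a workflow for `uses:` references and flags any that are not pinned to a full 40-hex commit SHA, or that are pinned but lack the `# vX.Y.Z` comment Dependabot uses to track the version. The embedded workflow is a constructed CodeQL sample and the SHAs in it are placeholders, not real commits.

```python
"""Check that every `uses:` step in a GitHub Actions workflow is pinned to a
full commit SHA and carries the version comment Dependabot tracks.

Example code added to this page; not part of the starter-workflows repository.
"""
import re
from dataclasses import dataclass

# Matches `uses: owner/repo[/path]@ref` with an optional trailing `# comment`.
# Local actions (`./path`) and `docker://` references have no owner/repo@ref
# shape and are deliberately skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>\S.*))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line: int
    action: str
    ref: str
    problem: str


def check_workflow(text: str) -> list[Finding]:
    """Return one Finding per `uses:` line that is unpinned or lacks a version comment."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.group("action"), m.group("ref"), m.group("comment")
        if not SHA_RE.match(ref):
            # A tag or branch is mutable: whoever controls it controls your CI.
            findings.append(Finding(lineno, action, ref,
                                    "not pinned to a full 40-hex commit SHA"))
        elif not comment or not comment.startswith("v"):
            # Without `# vX.Y.Z` Dependabot cannot tell which version the hash is.
            findings.append(Finding(lineno, action, ref,
                                    "pinned, but missing the '# vX.Y.Z' version comment"))
    return findings


# Constructed sample workflow. The 40-hex values are placeholders, not real commits.
SAMPLE_WORKFLOW = """\
# Constructed sample; SHAs below are placeholders, not real commits.
name: "CodeQL"
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
permissions:
  contents: read
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@0123456789abcdef0123456789abcdef01234567
        with:
          languages: python
      - uses: github/codeql-action/analyze@0123456789abcdef0123456789abcdef01234567 # v3.24.9
"""


def main() -> None:
    for f in check_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref}: {f.problem}")


if __name__ == "__main__":
    main()
```

Run against the sample, the checker reports `actions/checkout@v4` (mutable tag) and the `init` step (pinned without a version comment), while the `analyze` step, pinned with `# v3.24.9`, passes. Point `check_workflow` at the contents of any `.github/workflows/*.yml` file to audit a real repository.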