diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bab62e3..8259f50 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,15 +32,15 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Initialize CodeQL - uses: github/codeql-action/init@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 + uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 with: languages: ${{ matrix.language }} queries: security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 + uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 + uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 8429993..8c91ec8 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -60,7 +60,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3 + uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4 if: always() with: sarif_file: 'trivy-results.sarif' @@ -118,7 +118,7 @@ jobs: output: 'trivy-docker-results.sarif' - name: Upload Docker Trivy scan results - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3 + uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4 if: always() with: sarif_file: 'trivy-docker-results.sarif'