diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 045bb50..fca9054 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -21,15 +21,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 with: go-version: '1.23' - name: Cache Go modules - uses: actions/cache@v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 with: path: | ~/.cache/go-build @@ -45,7 +45,7 @@ jobs: args: '-fmt sarif -out gosec-results.sarif ./...' - name: Upload gosec results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3 if: always() with: sarif_file: gosec-results.sarif @@ -118,21 +118,21 @@ jobs: # SAST with CodeQL (if available) - name: Initialize CodeQL if: github.event_name != 'schedule' - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3 with: languages: go - name: Autobuild if: github.event_name != 'schedule' - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3 - name: Perform CodeQL Analysis if: github.event_name != 'schedule' - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3 # Upload artifacts for review - name: Upload security scan results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: always() with: name: security-scan-results