diff --git a/.github/workflows/reusable-codeql.yml b/.github/workflows/reusable-codeql.yml index 6db308a..b7d1d86 100644 --- a/.github/workflows/reusable-codeql.yml +++ b/.github/workflows/reusable-codeql.yml @@ -30,12 +30,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4 + uses: github/codeql-action/init@7188fc363630916deb702c7fdcf4e481b751f97a # v4 with: languages: ${{ inputs.language }} build-mode: ${{ inputs.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4 + uses: github/codeql-action/analyze@7188fc363630916deb702c7fdcf4e481b751f97a # v4 with: category: "/language:${{inputs.language}}" \ No newline at end of file diff --git a/.github/workflows/reusable-ossf-scorecard.yml b/.github/workflows/reusable-ossf-scorecard.yml index 0665055..cda7243 100644 --- a/.github/workflows/reusable-ossf-scorecard.yml +++ b/.github/workflows/reusable-ossf-scorecard.yml @@ -70,6 +70,6 @@ jobs: # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" if: ${{ inputs.upload-code-scanning }} - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4 + uses: github/codeql-action/upload-sarif@7188fc363630916deb702c7fdcf4e481b751f97a # v4 with: sarif_file: ${{ inputs.sarif-file }}