Added dependabot configuration

Signed-off-by: Taras Drozdovskyi <t.drozdovsky@samsung.com>

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+# Enable version updates for Actions
+  - package-ecosystem: github-actions
+    directory: /
+    # Check for updates once a month
+    schedule:
+      interval: monthly
+    # Allow up to 15 open pull requests for github-actions dependencies
+    open-pull-requests-limit: 15
+

.github/workflows/build.yml

@@ -12,7 +12,7 @@ jobs:
         platform: [numaker_pfm_m2351, m2351_badge, mps2_an505_qemu]
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
       - name: Install extra tools
         run: |

.github/workflows/fossology.yml

@@ -12,7 +12,7 @@ jobs:
       image: fossology/fossology:scanner
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
       - name: Fossology run
         run: |
@@ -22,12 +22,12 @@ jobs:
         continue-on-error: true
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
         with:
           name: scan-fossology-report
           path: ./results
 
       - name: Artifact download
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
         with:
           name: scan-fossology-report

.github/workflows/license-finder.yml

@@ -12,20 +12,20 @@ jobs:
       image: gianlucadb0/license_finder
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
       - name: License finder run
         run: | 
           license_finder approvals add awesome_gpl_gem
           license_finder > ./license-finder-report
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
         with:
           name: scan-license-finder-report
           path: ./license-finder-report
 
       - name: Artifact download
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
         with:
           name: scan-license-finder-report

.github/workflows/scancode.yml

@@ -12,7 +12,7 @@ jobs:
       image: gianlucadb0/scancode-toolkit
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
       - name: Create results directory
         run: mkdir results
@@ -21,12 +21,12 @@ jobs:
         run: scancode -clpeui -n 2 --cyclonedx ./results/sbom-cyclonedx --spdx-rdf ./results/sbom-spdx ./
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
         with:
           name: scan-scancode-report
           path: ./results/
 
       - name: Artifact download
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
         with:
           name: scan-scancode-report

.github/workflows/scorecards-analysis.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
         with:
           persist-credentials: false
 
@@ -40,7 +40,7 @@ jobs:
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
         with:
           name: SARIF file
           path: results.sarif