diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index df50b5f52..af34e392a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -395,7 +395,7 @@ jobs: - name: Upload Trivy Scan Results to GitHub Security Tab if: ${{ (github.repository_owner == 'samply') || (vars.IMAGE_SCAN_UPLOAD == 'true') }} - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3 with: sarif_file: trivy-results.sarif diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 25dbec3ae..2d12f1d61 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -61,6 +61,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3 with: sarif_file: results.sarif