diff --git a/.github/workflows/reusable-codeql.yml b/.github/workflows/reusable-codeql.yml index e245813..2cf5135 100644 --- a/.github/workflows/reusable-codeql.yml +++ b/.github/workflows/reusable-codeql.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f0a12816612c7306b485a22cb164feb43c6df818 # v2.11.2 + uses: github/codeql-action/init@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 with: languages: ${{ inputs.language }} config-file: ${{ inputs.config-file }} @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f0a12816612c7306b485a22cb164feb43c6df818 # v2.11.2 + uses: github/codeql-action/autobuild@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,5 +88,5 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f0a12816612c7306b485a22cb164feb43c6df818 # v2.11.2 + uses: github/codeql-action/analyze@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 diff --git a/.github/workflows/reusable-scorecards.yml b/.github/workflows/reusable-scorecards.yml index 0d7fd4c..a75191d 100644 --- a/.github/workflows/reusable-scorecards.yml +++ b/.github/workflows/reusable-scorecards.yml @@ -101,7 +101,7 @@ jobs: path: results.sarif - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 with: sarif_file: results.sarif diff --git a/.github/workflows/reusable-trivy.yml b/.github/workflows/reusable-trivy.yml index 673ea94..3ede359 100644 --- a/.github/workflows/reusable-trivy.yml +++ b/.github/workflows/reusable-trivy.yml @@ -86,7 +86,7 @@ jobs: path: '${{ inputs.sarif }}' - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 with: sarif_file: '${{ inputs.sarif }}' @@ -143,7 +143,7 @@ jobs: path: '${{ inputs.sarif }}' - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 with: sarif_file: '${{ inputs.sarif }}'