Trivy Compliant, Action full SHA

2025-12-16 20:07:06 +03:00 · 2024-10-05 22:13:01 +10:00
parent 61799ba532
commit ed39895c5f
2 changed files with 4 additions and 4 deletions
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -37,11 +37,11 @@ jobs:
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
-        uses: actions/checkout@main
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0

      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@master
+        uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e # v4.4.5
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -13,12 +13,12 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Run Trivy fs vulnerability scanner in fs mode
-        uses: aquasecurity/trivy-action@0.20.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true