fix: pin github actions (#7228)

Repository follow standard to use git hash to pin the GitHub actions. Updated the container security scan workflow actions with their git hashes Signed-off-by: Chaminda Divitotawela <[email protected]>
hyperledger · Jun 14, 2024 · 1837f46 · 1837f46
1 parent 884834f
commit 1837f46
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/container-security-scan.yml b/.github/workflows/container-security-scan.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       # Shell parameter expansion does not support directly on a step
       # Adding a separate step to set the image tag. This allows running
@@ -31,14 +31,14 @@ jobs:
 
       - name: Vulnerability scanner
         id: trivy
-        uses: aquasecurity/trivy-action@0.22.0
+        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d
         with:
           image-ref: hyperledger/besu:${{ steps.tag.outputs.TAG }}
           format: sarif
           output: 'trivy-results.sarif'
 
       # Check the vulnerabilities via GitHub security tab
       - name: Upload results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251
         with:
           sarif_file: 'trivy-results.sarif'