From d296e5fff66316c5c70fe87699485aaf99b12fe1 Mon Sep 17 00:00:00 2001
From: Jonathan S
Date: Tue, 20 Feb 2024 20:49:23 +0000
Subject: [PATCH] Apply suggestions from code review
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 2 +-
 .github/workflows/security-defender-for-devops.yml | 2 +-
 .github/workflows/security-dependency-review.yml | 1 +
 .github/workflows/security-ossar.yml | 2 +-
 .github/workflows/security-scorecard.yml | 1 +
 5 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 187f90653..0a2173708 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,7 +49,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2.22.12
+ uses: github/codeql-action/init@v2.22.12
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
diff --git a/.github/workflows/security-defender-for-devops.yml b/.github/workflows/security-defender-for-devops.yml
index a75c6f4a8..dc32fc584 100644
--- a/.github/workflows/security-defender-for-devops.yml
+++ b/.github/workflows/security-defender-for-devops.yml
@@ -63,7 +63,7 @@ jobs:
 6.0.x
 - name: Run Microsoft Security DevOps
- uses: microsoft/security-devops-action@e94440350ed10e2806d47cd0d7504a2c51abdbe9 # v1.6.0
+ uses: microsoft/security-devops-action@v1.6.0
 id: msdo
 - name: Upload results to Security tab
diff --git a/.github/workflows/security-dependency-review.yml b/.github/workflows/security-dependency-review.yml
index f76681581..17b0f0506 100644
--- a/.github/workflows/security-dependency-review.yml
+++ b/.github/workflows/security-dependency-review.yml
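Review bot: The new `uses: github/codeql-action/init@v2.22.12` line swaps a full commit SHA for a mutable tag, so this step now runs whatever revision the `v2.22.12` tag points at on each run, whereas the removed line identified exactly one commit; the `# v2.22.12` trailing comment on the old line already gave the human-readable version. The same downgrade appears in the security-defender-for-devops.yml and security-ossar.yml hunks, and in the tag-form lines added in security-dependency-review.yml and security-scorecard.yml. Keep the SHA-pinned form, e.g. `uses: github/codeql-action/init@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2.22.12`, and let a dependency-update bot bump the SHA with the comment; Scorecard's own Pinned-Dependencies check reports the tag form as unpinned. The CodeQL step's `with:` block continues past the end of this hunk.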
@@ -31,4 +31,5 @@ jobs:
 token: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account.
 - name: 'Dependency Review'
++ uses: actions/dependency-review-action@v2.5.1
 uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
diff --git a/.github/workflows/security-ossar.yml b/.github/workflows/security-ossar.yml
index eae2de45f..10db124ae 100644
--- a/.github/workflows/security-ossar.yml
+++ b/.github/workflows/security-ossar.yml
@@ -65,7 +65,7 @@ jobs:
 # Run open source static analysis tools
 - name: Run OSSAR
- uses: github/ossar-action@786a16a90ba92b4ae6228fe7382fb16ef5c51000 # v1
+ uses: github/ossar-action@v1
 id: ossar
 # Upload results to the Security tab
diff --git a/.github/workflows/security-scorecard.yml b/.github/workflows/security-scorecard.yml
index 57875f59d..1222d331c 100644
--- a/.github/workflows/security-scorecard.yml
+++ b/.github/workflows/security-scorecard.yml
@@ -57,6 +57,7 @@ jobs:
 token: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account.
 - name: "Run analysis"
++ uses: ossf/scorecard-action@v2.1.2
 uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
 with:
 results_file: results.sarif
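Review bot: The added line `++ uses: actions/dependency-review-action@v2.5.1` appears to write a literal leading `+` into the workflow file (only the first `+` is the diff marker), and the SHA-pinned `uses:` line beneath it is kept as context rather than removed, so the step would carry a `+ uses` key next to `uses` and the workflow would fail validation; the diffstat of one insertion and no deletion for this file is consistent with that reading. The security-scorecard.yml hunk has the same shape with `++ uses: ossf/scorecard-action@v2.1.2`. The simplest repair is to drop the added line in both files and keep `uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1` (and the corresponding SHA line for scorecard), which also preserves the pin. The enclosing step continues outside this hunk.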