diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 3e71babf..f3fb342a 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -37,7 +37,7 @@ jobs: ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@18fe527fa8b29f134bb91f32f1a5dc5abb15ed7f # tag=v2.1.30 + uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # tag=v2.1.31 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/ossf-scorecard-action.yaml b/.github/workflows/ossf-scorecard-action.yaml index ebcf1d08..4998f338 100644 --- a/.github/workflows/ossf-scorecard-action.yaml +++ b/.github/workflows/ossf-scorecard-action.yaml @@ -54,6 +54,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@18fe527fa8b29f134bb91f32f1a5dc5abb15ed7f # tag=v2.1.30 + uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # tag=v2.1.31 with: sarif_file: results.sarif