MSDO

Bump the external-dependencies group in /.github/workflows with 2 updates #4477

	name: MSDO

	on:
	push:
	branches: [ "main", "releases/*" ]
	pull_request:
	branches: [ "main", "releases/*" ]

	permissions: read-all

	jobs:
	MSDO:
	name: Run Microsoft Security DevOps Analysis
	runs-on: ubuntu-latest
	permissions:
	id-token: write # This is required for federation to Defender for DevOps
	security-events: write # This is required to upload SARIF files
	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Run Credential Scanning
	uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0
	id: credscan
	with:
	policy: Microsoft
	tools: credscan

	- name: Upload results to Security tab
	uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
	with:
	sarif_file: ${{ steps.credscan.outputs.sarifFile }}

Provide feedback