diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 36d054f89..7a550ad90 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: languages: ${{ matrix.language }} # security-extended adds experimental security queries on top of the default suite @@ -64,6 +64,6 @@ jobs: # no build step required. - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/grype-sbom.yml b/.github/workflows/grype-sbom.yml index 98c198192..ce15ac0e7 100644 --- a/.github/workflows/grype-sbom.yml +++ b/.github/workflows/grype-sbom.yml @@ -55,6 +55,6 @@ jobs: output-format: sarif - name: Upload Grype SARIF to GitHub Security - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: ${{ steps.grype.outputs.sarif }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e7d0b1ee7..e594039ea 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -56,6 +56,6 @@ jobs: - name: "Upload to code-scanning" # Surfaces Scorecard findings in GitHub → Security → Code scanning alerts # https://docs.github.com/en/code-security/code-scanning - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: results.sarif