diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7ef2987c..b90edc14 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -169,7 +169,7 @@ jobs: - name: Upload Trivy results if: always() && vars.ENABLE_CODE_SCANNING == 'true' - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4 with: sarif_file: trivy-${{ matrix.app }}.sarif category: trivy-${{ matrix.app }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b8ea2f5e..f7c8d155 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -41,6 +41,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code scanning - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4 with: sarif_file: results.sarif