Skip to content

Commit 542a7de

Browse files
authored
Merge pull request #308 from finos/fix/codeql-action-imposter-pin
ci: fix imposter codeql-action pin across workflows
2 parents 3da2613 + 237547d commit 542a7de

3 files changed

Lines changed: 9 additions & 9 deletions

File tree

.github/workflows/dev-containers.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,7 @@ jobs:
203203
severity: ${{ env.SCAN_LEVEL == 'full' && 'CRITICAL,HIGH,MEDIUM' || 'CRITICAL,HIGH' }}
204204

205205
- name: Upload Trivy scan results
206-
uses: github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
206+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
207207
if: always()
208208
with:
209209
sarif_file: 'trivy-results-py${{ matrix.python-version }}.sarif'
@@ -219,7 +219,7 @@ jobs:
219219

220220
- name: Upload Hadolint scan results
221221
if: matrix.python-version == needs.config.outputs.default-python-version
222-
uses: github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
222+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
223223
with:
224224
sarif_file: hadolint-dockerfile.sarif
225225

.github/workflows/reusable-security.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ jobs:
7474
7575
- name: Upload Semgrep SARIF results
7676
if: inputs.scan-type == 'semgrep' && always()
77-
uses: github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
77+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
7878
with:
7979
sarif_file: semgrep.sarif
8080

@@ -96,7 +96,7 @@ jobs:
9696

9797
- name: Upload Trivy filesystem scan results
9898
if: inputs.scan-type == 'trivy-fs' && always()
99-
uses: github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
99+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
100100
with:
101101
sarif_file: 'trivy-fs-results.sarif'
102102

@@ -118,7 +118,7 @@ jobs:
118118

119119
- name: Upload Hadolint SARIF results
120120
if: inputs.scan-type == 'hadolint' && always()
121-
uses: github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
121+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
122122
with:
123123
sarif_file: hadolint-results.sarif
124124

@@ -144,7 +144,7 @@ jobs:
144144
# TODO: ensure branch protection prevents direct pushes to main.
145145
- name: Initialize CodeQL
146146
if: inputs.scan-type == 'codeql'
147-
uses: github/codeql-action/init@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
147+
uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
148148
with:
149149
languages: python
150150
queries: security-extended,security-and-quality
@@ -153,13 +153,13 @@ jobs:
153153

154154
- name: Initialize CodeQL (fallback)
155155
if: inputs.scan-type == 'codeql' && steps.codeql-init-extended.outcome == 'failure'
156-
uses: github/codeql-action/init@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
156+
uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
157157
with:
158158
languages: python
159159
queries: security-and-quality
160160

161161
- name: Perform CodeQL Analysis
162162
if: inputs.scan-type == 'codeql'
163-
uses: github/codeql-action/analyze@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
163+
uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
164164
with:
165165
category: "/language:python"

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,6 @@ jobs:
3535
publish_results: true
3636

3737
- name: Upload Scorecard SARIF results
38-
uses: github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
38+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
3939
with:
4040
sarif_file: scorecard-results.sarif

0 commit comments

Comments
 (0)