7474
7575 - name : Upload Semgrep SARIF results
7676 if : inputs.scan-type == 'semgrep' && always()
77- uses : github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
77+ uses : github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
7878 with :
7979 sarif_file : semgrep.sarif
8080
9696
9797 - name : Upload Trivy filesystem scan results
9898 if : inputs.scan-type == 'trivy-fs' && always()
99- uses : github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
99+ uses : github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
100100 with :
101101 sarif_file : ' trivy-fs-results.sarif'
102102
@@ -118,7 +118,7 @@ jobs:
118118
119119 - name : Upload Hadolint SARIF results
120120 if : inputs.scan-type == 'hadolint' && always()
121- uses : github/codeql-action/upload-sarif@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
121+ uses : github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
122122 with :
123123 sarif_file : hadolint-results.sarif
124124
@@ -144,7 +144,7 @@ jobs:
144144 # TODO: ensure branch protection prevents direct pushes to main.
145145 - name : Initialize CodeQL
146146 if : inputs.scan-type == 'codeql'
147- uses : github/codeql-action/init@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
147+ uses : github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
148148 with :
149149 languages : python
150150 queries : security-extended,security-and-quality
@@ -153,13 +153,13 @@ jobs:
153153
154154 - name : Initialize CodeQL (fallback)
155155 if : inputs.scan-type == 'codeql' && steps.codeql-init-extended.outcome == 'failure'
156- uses : github/codeql-action/init@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
156+ uses : github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
157157 with :
158158 languages : python
159159 queries : security-and-quality
160160
161161 - name : Perform CodeQL Analysis
162162 if : inputs.scan-type == 'codeql'
163- uses : github/codeql-action/analyze@dc73d59c2d7bd4f8194098a91219eeee6d8a1719 # v4
163+ uses : github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
164164 with :
165165 category : " /language:python"
0 commit comments