Fix last SonarCloud security hotspot: dependency-check SHA

reidspencer · claude · reidspencer · commit 807bdba6e743 · 2026-01-20T08:37:16.000-05:00
Use full SHA for dependency-check/Dependency-Check_Action instead of
branch reference "main" to satisfy supply chain security requirements.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/scala.yml b/.github/workflows/scala.yml
@@ -170,7 +170,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Run Dependency Check
-      uses: dependency-check/Dependency-Check_Action@main
+      uses: dependency-check/Dependency-Check_Action@1e54355a8b4c8abaa8cc7d0b70aa655a3bb15a6c # main
       with:
         project: 'riddl'
         path: '.'
