| field | value |
|---|---|
| author | 2021-12-13 14:41:24 +0200 |
| committer | 2021-12-26 21:52:05 +0000 |
| commit | 4bac5c6d716fcaf2542361e5fb56a4e39586b376 |
| tree | 38331c4d90f0c1343f6e81b99fbd89317959bf14 (/.github/workflows/codeql-analysis.yml) |
| parent | Fix a typo |
CI: pin GitHub actions to SHAs
Pinning actions to SHAs instead of versions improves the supply chain
security:
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
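Added example, not part of the firejail commit or its workflow: a small Python check that scans a workflow file's `uses:` lines and reports every reference that is not pinned to a full 40-hex commit SHA (or a `docker://` image digest), which is the condition this commit establishes. The two workflow fragments are constructed from the before/after lines of this diff.

```python
import re

# A `uses:` step reference: owner/repo[/path]@ref (or docker://image@digest).
USES_RE = re.compile(r'^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def check_uses_pinning(workflow_text):
    """Return (line_no, action, ref, status) for each `uses:` line.

    status is 'sha' for a full 40-hex commit SHA, 'digest' for a
    docker://image@sha256:... reference, otherwise 'tag' (mutable:
    a branch, a version tag, or an abbreviated SHA)."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue  # local actions (./path) carry no @ref and are skipped
        action, ref = m.group(1), m.group(2)
        if FULL_SHA_RE.match(ref):
            status = 'sha'
        elif action.startswith('docker://') and ref.startswith('sha256:'):
            status = 'digest'
        else:
            status = 'tag'
        findings.append((n, action, ref, status))
    return findings

def unpinned(workflow_text):
    """Only the findings a reviewer needs to act on: mutable references."""
    return [f for f in check_uses_pinning(workflow_text) if f[3] == 'tag']

# Constructed samples mirroring the before/after state of this commit.
SAMPLE_BEFORE = """\
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
"""
SAMPLE_AFTER = """\
    steps:
    - name: Checkout repository
      uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
    - name: Initialize CodeQL
      uses: github/codeql-action/init@e095058bfa09de8070f94e98f5dc059531bc6235
"""

if __name__ == "__main__":
    for n, action, ref, _ in unpinned(SAMPLE_BEFORE):
        print(f"line {n}: {action}@{ref} is not pinned to a commit SHA")
```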
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4476963b5..03f580132 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -43,11 +43,11 @@ jobs: | |||
43 | 43 | ||
44 | steps: | 44 | steps: |
45 | - name: Checkout repository | 45 | - name: Checkout repository |
46 | uses: actions/checkout@v2 | 46 | uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 |
47 | 47 | ||
48 | # Initializes the CodeQL tools for scanning. | 48 | # Initializes the CodeQL tools for scanning. |
49 | - name: Initialize CodeQL | 49 | - name: Initialize CodeQL |
50 | uses: github/codeql-action/init@v1 | 50 | uses: github/codeql-action/init@e095058bfa09de8070f94e98f5dc059531bc6235 |
51 | with: | 51 | with: |
52 | languages: ${{ matrix.language }} | 52 | languages: ${{ matrix.language }} |
53 | # If you wish to specify custom queries, you can do so here or in a config file. | 53 | # If you wish to specify custom queries, you can do so here or in a config file. |
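Review bot: the two new pins on lines 46 and 50 give no indication of which release each SHA was taken from, so a later reader cannot tell whether ec3a7ce113134d7a93b817d10a8272cb61118579 is still the intended actions/checkout v2 without looking it up. Consider a trailing comment on each line, e.g. `uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2`, and stating in the commit message which tag each SHA corresponds to so the pin can be verified at review time.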
@@ -58,7 +58,7 @@ jobs: | |||
58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
59 | # If this step fails, then you should remove it and run the build manually (see below) | 59 | # If this step fails, then you should remove it and run the build manually (see below) |
60 | - name: Autobuild | 60 | - name: Autobuild |
61 | uses: github/codeql-action/autobuild@v1 | 61 | uses: github/codeql-action/autobuild@e095058bfa09de8070f94e98f5dc059531bc6235 |
62 | 62 | ||
63 | # âšī¸ Command-line programs to run using the OS shell. | 63 | # âšī¸ Command-line programs to run using the OS shell. |
64 | # đ https://git.io/JvXDl | 64 | # đ https://git.io/JvXDl |
@@ -72,4 +72,4 @@ jobs: | |||
72 | # make release | 72 | # make release |
73 | 73 | ||
74 | - name: Perform CodeQL Analysis | 74 | - name: Perform CodeQL Analysis |
75 | uses: github/codeql-action/analyze@v1 | 75 | uses: github/codeql-action/analyze@e095058bfa09de8070f94e98f5dc059531bc6235 |
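Review bot: the analyze step on line 75 now uses the same SHA e095058bfa09de8070f94e98f5dc059531bc6235 as init (line 50) and autobuild (line 61), which is correct since all three must come from one codeql-action release. A one-line comment next to one of the pins noting that the three codeql-action references are bumped together would prevent a later partial update leaving init and analyze on mismatched versions.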