diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2021-12-13 14:41:24 +0200 |
|---|---|---|
| committer |  Topi Miettinen <topimiettinen@users.noreply.github.com> | 2021-12-26 21:52:05 +0000 |
| commit | 4bac5c6d716fcaf2542361e5fb56a4e39586b376 (patch) | |
| tree | 38331c4d90f0c1343f6e81b99fbd89317959bf14 /.github/workflows/codeql-analysis.yml | |
| parent | Fix a typo (diff) | |
| download | firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.tar.gz firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.tar.zst firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.zip | |
CI: pin GitHub actions to SHAs
Pinning actions to SHAs instead of versions improves the supply chain
security:
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4476963b5..03f580132 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
| @@ -43,11 +43,11 @@ jobs: | |||
| 43 | 43 | ||
| 44 | steps: | 44 | steps: |
| 45 | - name: Checkout repository | 45 | - name: Checkout repository |
| 46 | uses: actions/checkout@v2 | 46 | uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 |
| 47 | 47 | ||
| 48 | # Initializes the CodeQL tools for scanning. | 48 | # Initializes the CodeQL tools for scanning. |
| 49 | - name: Initialize CodeQL | 49 | - name: Initialize CodeQL |
| 50 | uses: github/codeql-action/init@v1 | 50 | uses: github/codeql-action/init@e095058bfa09de8070f94e98f5dc059531bc6235 |
| 51 | with: | 51 | with: |
| 52 | languages: ${{ matrix.language }} | 52 | languages: ${{ matrix.language }} |
| 53 | # If you wish to specify custom queries, you can do so here or in a config file. | 53 | # If you wish to specify custom queries, you can do so here or in a config file. |
| @@ -58,7 +58,7 @@ jobs: | |||
| 58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
| 59 | # If this step fails, then you should remove it and run the build manually (see below) | 59 | # If this step fails, then you should remove it and run the build manually (see below) |
| 60 | - name: Autobuild | 60 | - name: Autobuild |
| 61 | uses: github/codeql-action/autobuild@v1 | 61 | uses: github/codeql-action/autobuild@e095058bfa09de8070f94e98f5dc059531bc6235 |
| 62 | 62 | ||
| 63 | # âšī¸ Command-line programs to run using the OS shell. | 63 | # âšī¸ Command-line programs to run using the OS shell. |
| 64 | # đ https://git.io/JvXDl | 64 | # đ https://git.io/JvXDl |
| @@ -72,4 +72,4 @@ jobs: | |||
| 72 | # make release | 72 | # make release |
| 73 | 73 | ||
| 74 | - name: Perform CodeQL Analysis | 74 | - name: Perform CodeQL Analysis |
| 75 | uses: github/codeql-action/analyze@v1 | 75 | uses: github/codeql-action/analyze@e095058bfa09de8070f94e98f5dc059531bc6235 |