Diffstat (limited to '.github/workflows/codeql-analysis.yml')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 9 |
1 files changed, 5 insertions, 4 deletions
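--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -74,13 +74,14 @@ jobs:
 
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776
+uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f
 with:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
 api.github.com:443
 github.com:443
+objects.githubusercontent.com:443
 uploads.github.com:443
 
 - name: Checkout repository
@@ -88,7 +89,7 @@ jobs:
 
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
-uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b
+uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -99,7 +100,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
-uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b
+uses: github/codeql-action/autobuild@d186a2a36cc67bfa1b860e6170d37fb9634742c7
 
 # âšī¸ Command-line programs to run using the OS shell.
 # đ https://git.io/JvXDl
@@ -113,4 +114,4 @@ jobs:
 # make release
 
 - name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b
+uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7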