diff --git a/.github/workflows/malcontent.yaml b/.github/workflows/malcontent.yaml index f3ff37a..5bd4922 100644 --- a/.github/workflows/malcontent.yaml +++ b/.github/workflows/malcontent.yaml @@ -22,7 +22,7 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1 with: fetch-depth: 0 # Fetch all history for proper diff analysis @@ -35,7 +35,7 @@ jobs: # NB: Could also set `fail-on-increase: false` and use `if: ${{steps.malcontent.outputs.risk-delta > 5}}` to allow some risk increase - name: Upload SARIF - uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 #v3.29.0 - 11 Jun 2025 + uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 #v3.29.0 - 11 Jun 2025 if: always() # Upload even if the malcontent check fails with: sarif_file: ${{ steps.malcontent.outputs.sarif-file }}