diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fd9bbefe4..6718e5cce 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -94,6 +94,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index a85488fb6..3723cb816 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -58,6 +58,6 @@ jobs: path: devskim-results.sarif - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/electronegativity.yml b/.github/workflows/electronegativity.yml index 5be722599..d7abc979c 100644 --- a/.github/workflows/electronegativity.yml +++ b/.github/workflows/electronegativity.yml @@ -29,6 +29,6 @@ jobs: input: . version: latest - name: Upload SARIF results - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: sarif_file: ../electronegativity_results diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 6a30fc0ba..caa94597e 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -82,7 +82,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v2.27.0 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v2.27.0 with: sarif_file: eslint-results.sarif wait-for-processing: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 79f18b2c5..208597cdf 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -119,6 +119,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v2.27.0 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v2.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/security-devops.yml b/.github/workflows/security-devops.yml index fca95d86c..f6f9f53ac 100644 --- a/.github/workflows/security-devops.yml +++ b/.github/workflows/security-devops.yml @@ -40,6 +40,6 @@ jobs: uses: microsoft/security-devops-action@d0736c546281e0632667b8e0046ae3d7bba0bf67 # latest id: msdo - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }}