diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index f4b8a93..b405dcf 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -37,6 +37,6 @@ jobs: with: should-scan-archives: true - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/msdo.yml b/.github/workflows/msdo.yml index f04433d..fc0ac66 100644 --- a/.github/workflows/msdo.yml +++ b/.github/workflows/msdo.yml @@ -34,6 +34,6 @@ jobs: id: scan uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0 - name: Upload MSDO scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 with: sarif_file: ${{ steps.scan.outputs.sarifFile }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2fd7d93..8f10020 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -37,6 +37,6 @@ jobs: results_format: sarif publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 with: sarif_file: scorecards-results.sarif