fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow

Pin the remaining unpinned GitHub Action reference to a full commit SHA,
matching the pinning convention already used across other workflows in
this repository. Aligns with the Kubernetes GitHub Actions security policy.

Signed-off-by: Terry Howe <thowe@nvidia.com>
pull/31974/head
Terry Howe 2 weeks ago
parent b3927b3900
commit 7025480397
No known key found for this signature in database

@ -64,6 +64,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
with:
sarif_file: results.sarif
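
Review bot: the trailing comment on the new `uses:` line (`# v4.30.7`) is the only thing tying the SHA e296a935590eb16afc0c0108289f68c87e2a89a5 to a release, and nothing in this hunk lets a reader check that the two match. Please confirm that this commit is the one the v4.30.7 tag resolves to in github/codeql-action itself, and state in the commit message how the pin will be kept current, since the old `@v4` reference followed new releases automatically and a pinned SHA does not.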
