fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow

Pin the remaining unpinned GitHub Action reference to a full commit SHA,
matching the pinning convention already used across other workflows in
this repository. Aligns with the Kubernetes GitHub Actions security policy.

Signed-off-by: George Jenkins <gvjenkins@gmail.com>
pull/32026/head
Terry Howe 2 weeks ago committed by George Jenkins
parent 6d809b20f1
commit ec05dd5f04
No known key found for this signature in database
GPG Key ID: D79D67C9EC016739

@ -64,6 +64,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
with:
sarif_file: results.sarif
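Review bot: The trailing `# v3.35.1` comment on the new `uses:` line is the only thing tying the pinned SHA to a release, and nothing in this diff lets a reader verify that mapping. Please confirm, for example in the PR description, that 5c8a8a642e79153f5d047b10ec1cba1d1cc65699 is the commit the v3.35.1 tag of github/codeql-action resolves to. The old `@v3` reference tracked the major tag and the pinned one will not, so also check that whatever update tooling maintains the other pinned workflows covers this file, otherwise this step will stay on v3.35.1 and miss later fixes.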
