From 88b5e65e5507a4c8d8c61b36b191d12d990be8d9 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Sat, 24 Jun 2023 11:40:39 -0700
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#401)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/scorecards-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 23c293726f..975383a92b 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -40,7 +40,7 @@ jobs:
     steps:
 
       - name: "Checkout code"
-        uses: actions/checkout@v3.5.3   # 3.1.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           persist-credentials: false