From 9341624dba912786895b2de0231cf2b0f14c0608 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Sat, 24 Jun 2023 11:40:39 -0700 Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#401) Signed-off-by: StepSecurity Bot --- .github/workflows/scorecards-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 23c293726f..975383a92b 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -40,7 +40,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v3.5.3 # 3.1.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false