@@ -32,20 +32,20 @@ jobs:
3232
3333 steps :
3434 - name : " Checkout code"
35- uses : actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 .1.0
35+ uses : actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 .1.6
3636 with :
3737 persist-credentials : false
3838
3939 - name : " Run analysis"
40- uses : ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
40+ uses : ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
4141 with :
4242 results_file : results.sarif
4343 results_format : sarif
4444 # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
4545 # - you want to enable the Branch-Protection check on a *public* repository, or
4646 # - you are installing Scorecard on a *private* repository
4747 # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
48- repo_token : ${{ secrets.SCORECARD_TOKEN }}
48+ # repo_token: ${{ secrets.SCORECARD_TOKEN }}
4949
5050 # Public repositories:
5151 # - Publish results to OpenSSF REST API for easy access by consumers
@@ -59,14 +59,14 @@ jobs:
5959 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
6060 # format to the repository Actions tab.
6161 - name : " Upload artifact"
62- uses : actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
62+ uses : actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
6363 with :
6464 name : SARIF file
6565 path : results.sarif
6666 retention-days : 5
6767
6868 # Upload the results to GitHub's code scanning dashboard.
6969 - name : " Upload to code-scanning"
70- uses : github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
70+ uses : github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
7171 with :
7272 sarif_file : results.sarif
0 commit comments