@@ -37,15 +37,10 @@ jobs:
3737 persist-credentials : false
3838
3939 - name : " Run analysis"
40- uses : ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
40+ uses : ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
4141 with :
4242 results_file : results.sarif
4343 results_format : sarif
44- # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
45- # - you want to enable the Branch-Protection check on a *public* repository, or
46- # - you are installing Scorecard on a *private* repository
47- # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
48- # repo_token: ${{ secrets.SCORECARD_TOKEN }}
4944
5045 # Public repositories:
5146 # - Publish results to OpenSSF REST API for easy access by consumers
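Review bot: Deleting the whole `repo_token` comment block removes the only in-file record of why the Branch-Protection check may come back as unavailable; as I recall the scorecard-action README, the default `GITHUB_TOKEN` the step now runs with is not sufficient for Branch-Protection on a public repository or for installing Scorecard on a private one, and the `persist-credentials: false` at the top of the hunk means no other credential is lying around to fill that gap. If not configuring a PAT is a deliberate choice, a one-line pointer keeps it discoverable, e.g. `# Branch-Protection needs a fine-grained PAT via repo_token (see scorecard-action README); intentionally not configured.`; otherwise restore the commented `repo_token: ${{ secrets.SCORECARD_TOKEN }}` line rather than dropping it. The `steps:` list this step belongs to starts outside the hunk.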
@@ -59,15 +54,14 @@ jobs:
5954 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
6055 # format to the repository Actions tab.
6156 - name : " Upload artifact"
62- uses : actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
57+ uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
6358 with :
64- name : SARIF file
6559 path : results.sarif
6660 retention-days : 5
6761
6862 # Upload the results to GitHub's code scanning dashboard (optional).
6963 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
7064 - name : " Upload to code-scanning"
71- uses : github/codeql-action/upload-sarif@v3
65+ uses : github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
7266 with :
7367 sarif_file : results.sarif
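Review bot: Dropping `name: SARIF file` from the upload-artifact step makes the SARIF upload use v4's default artifact name `artifact`; in upload-artifact v4 an artifact name must be unique within a workflow run and the artifact is immutable once written, so any other job in this workflow that also uploads with the default name will fail, and consumers looking for a descriptive artifact will not find one. Restoring an explicit name such as `name: scorecard-sarif` keeps the upload unambiguous (v4 only rejects names containing characters like `"`, `:`, `<`, `>`, `|`, `*`, `?`, so a plain name is fine). Pinning `github/codeql-action/upload-sarif` to a full commit SHA instead of the floating `v3` tag is a sound supply-chain hardening and needs no further change. The `jobs:` block this step belongs to starts outside the hunk.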