Skip to content

Commit 51e5b8b

Browse files
xophamxopham
authored
ci: pin github actions by hash and update via dependabot (#88)
* Add dependabot for github actions * Pin actions by hash
1 parent d86915d commit 51e5b8b

File tree

3 files changed

+18
-3
lines changed

3 files changed

+18
-3
lines changed

.github/dependabot.yml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# To get started with Dependabot version updates, you'll need to specify which
2+
# package ecosystems to update and where the package manifests are located.
3+
# Please see the documentation for all configuration options:
4+
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
5+
6+
version: 2
7+
updates:
8+
- package-ecosystem: "github-actions"
9+
directory: "/"
10+
schedule:
11+
interval: "monthly"
12+
groups:
13+
gh-actions-packages:
14+
patterns:
15+
- "*"

.github/workflows/ci.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ jobs:
5757
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
5858
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
5959
- name: Upload Trivy scan results to GitHub Security tab
60-
uses: github/codeql-action/upload-sarif@v3
60+
uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
6161
with:
6262
sarif_file: 'trivy-results.sarif'
6363

.github/workflows/vuln-check.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
runs-on: "ubuntu-20.04"
2323
steps:
2424
- name: Checkout code
25-
uses: actions/checkout@v3
25+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
2626

2727
- name: Free Disk Space (Ubuntu) # Reclaim disk space for scan
2828
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
@@ -42,7 +42,7 @@ jobs:
4242
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
4343

4444
- name: Upload Trivy scan results to GitHub Security tab
45-
uses: github/codeql-action/upload-sarif@v3
45+
uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
4646
if: always()
4747
with:
4848
sarif_file: 'trivy-results.sarif'

0 commit comments

Comments
 (0)