[StepSecurity] ci: Harden GitHub Actions (#210)

step-security-bot · web-flow · commit 43181a0f23bd · 2023-11-17T11:53:02.000Z
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/workflows/static-scan.yml b/.github/workflows/static-scan.yml
@@ -41,7 +41,7 @@ jobs:
     name: Hadolint
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-    - uses: hadolint/hadolint-action@v3.1.0
+    - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
       name: Run Hadolint
       with:
        dockerfile: ./docker/userspacecni/Dockerfile
diff --git a/.github/workflows/trivy-testpmd.yml b/.github/workflows/trivy-testpmd.yml
@@ -42,6 +42,6 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
         with:
           sarif_file: 'testpmd-trivy-results.sarif'
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -44,6 +44,6 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
         with:
           sarif_file: 'trivy-results.sarif'
