[StepSecurity] ci: Harden GitHub Actions (#254)

step-security-bot · web-flow · commit 7ad3c48d46f8 · 2024-01-03T16:05:50.000Z
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -53,13 +53,13 @@ jobs:
           category: "/language:${{ matrix.language }}"
                     
       - name: CodeQL and Dependabot Report Action
-        uses: rsdmike/github-security-report-action@v3.0.4
+        uses: rsdmike/github-security-report-action@a149b24539044c92786ec39af8ba38c93496495d # v3.0.4
         with:
           template: report
           token: ${{ secrets.SECURITY_TOKEN }}
 
       - name: GitHub Upload Release Artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
         with:
           name: report
           path: |
