Skip to content

Commit 5bf4ea0

Browse files
committed
ci: harden CodeQL workflow pinning (#300)
1 parent f37d938 commit 5bf4ea0

1 file changed

Lines changed: 6 additions & 4 deletions

File tree

.github/workflows/codeql.yml

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,8 @@ permissions:
1616
jobs:
1717
analyze:
1818
name: Analyze (${{ matrix.language }})
19-
runs-on: ubuntu-latest
19+
runs-on: ubuntu-24.04
20+
timeout-minutes: 60
2021
strategy:
2122
fail-fast: false
2223
matrix:
@@ -28,15 +29,16 @@ jobs:
2829

2930
steps:
3031
- name: Checkout
31-
uses: actions/checkout@v4
32+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
3233

3334
- name: Initialize CodeQL
34-
uses: github/codeql-action/init@v4
35+
uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc
3536
with:
3637
languages: ${{ matrix.language }}
3738
build-mode: ${{ matrix.build-mode }}
39+
queries: security-extended,security-and-quality
3840

3941
- name: Perform CodeQL Analysis
40-
uses: github/codeql-action/analyze@v4
42+
uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc
4143
with:
4244
category: /language:${{ matrix.language }}

0 commit comments

Comments
 (0)