1515 runs-on : ubuntu-latest
1616 steps :
1717 - name : Harden the runner (Audit all outbound calls)
18- uses : step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
18+ uses : step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
1919 with :
2020 egress-policy : audit
2121
3535 timeout-minutes : 10
3636 steps :
3737 - name : Harden the runner (Audit all outbound calls)
38- uses : step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
38+ uses : step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
3939 with :
4040 egress-policy : audit
4141
4747 filter_triggers : ' '
4848
4949 - name : Upload SARIF file to GitHub
50- uses : github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
50+ uses : github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
5151 with :
5252 sarif_file : " ${{steps.octoscan.outputs.sarif_output}}"
5353 category : octoscan
6060 security-events : write # Required for codeql-action/upload-sarif to upload SARIF files.
6161 steps :
6262 - name : Harden the runner (Audit all outbound calls)
63- uses : step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
63+ uses : step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
6464 with :
6565 egress-policy : audit
6666
7373 uses : boostsecurityio/poutine-action@e240ebd3eff8b2db5a8e5f6b28f58739d7db2247 # v1.1.4
7474
7575 - name : Upload poutine SARIF file
76- uses : github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
76+ uses : github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
7777 with :
7878 sarif_file : results.sarif
7979 category : poutine
8686 security-events : write # Required for codeql-action/upload-sarif to upload SARIF files.
8787 steps :
8888 - name : Harden the runner (Audit all outbound calls)
89- uses : step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
89+ uses : step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
9090 with :
9191 egress-policy : audit
9292
9696 persist-credentials : false
9797
9898 - name : Install the latest version of uv
99- uses : astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
99+ uses : astral-sh/setup-uv@11f9893b081a58869d3b5fccaea48c9e9e46f990 # v8.3.2
100100 with :
101101 enable-cache : false
102102
@@ -106,7 +106,7 @@ jobs:
106106 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
107107
108108 - name : Upload SARIF file
109- uses : github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
109+ uses : github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
110110 with :
111111 sarif_file : results.sarif
112112 category : zizmor
0 commit comments