1919 name : Analyze
2020 runs-on : ubuntu-latest
2121
22+ permissions :
23+ contents : read
24+ security-events : write
25+
2226 strategy :
2327 fail-fast : false
2428 matrix :
@@ -30,11 +34,12 @@ jobs:
3034
3135 steps :
3236 - name : Checkout repository
33- uses : actions/checkout@v3
37+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3438 with :
3539 # We must fetch at least the immediate parents so that if this is
3640 # a pull request then we can checkout the head.
3741 fetch-depth : 2
42+ persist-credentials : false
3843
3944 # If this run was triggered by a pull request event, then checkout
4045 # the head of the pull request instead of the merge commit.
4348
4449 # Initializes the CodeQL tools for scanning.
4550 - name : Initialize CodeQL
46- uses : github/codeql-action/init@v2
51+ uses : github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
4752 with :
4853 languages : ${{ matrix.language }}
4954 # If you wish to specify custom queries, you can do so here or in a config file.
5459 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5560 # If this step fails, then you should remove it and run the build manually (see below)
5661 - name : Autobuild
57- uses : github/codeql-action/autobuild@v2
62+ uses : github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
5863
5964 # ℹ️ Command-line programs to run using the OS shell.
6065 # 📚 https://git.io/JvXDl
6873 # make release
6974
7075 - name : Perform CodeQL Analysis
71- uses : github/codeql-action/analyze@v2
76+ uses : github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
0 commit comments