1414 schedule :
1515 - cron : ' 0 17 * * 6'
1616
17+ permissions :
18+ contents : read
19+
1720jobs :
1821 analyze :
1922 name : Analyze
2023 runs-on : ubuntu-latest
2124
25+ permissions :
26+ contents : read
27+ security-events : write
28+
2229 strategy :
2330 fail-fast : false
2431 matrix :
@@ -30,11 +37,12 @@ jobs:
3037
3138 steps :
3239 - name : Checkout repository
33- uses : actions/checkout@v3
40+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3441 with :
3542 # We must fetch at least the immediate parents so that if this is
3643 # a pull request then we can checkout the head.
3744 fetch-depth : 2
45+ persist-credentials : false
3846
3947 # If this run was triggered by a pull request event, then checkout
4048 # the head of the pull request instead of the merge commit.
4351
4452 # Initializes the CodeQL tools for scanning.
4553 - name : Initialize CodeQL
46- uses : github/codeql-action/init@v2
54+ uses : github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
4755 with :
4856 languages : ${{ matrix.language }}
4957 # If you wish to specify custom queries, you can do so here or in a config file.
5462 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5563 # If this step fails, then you should remove it and run the build manually (see below)
5664 - name : Autobuild
57- uses : github/codeql-action/autobuild@v2
65+ uses : github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
5866
5967 # ℹ️ Command-line programs to run using the OS shell.
6068 # 📚 https://git.io/JvXDl
6876 # make release
6977
7078 - name : Perform CodeQL Analysis
71- uses : github/codeql-action/analyze@v2
79+ uses : github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
0 commit comments