diff --git a/.github/actions/docker-scan/action.yml b/.github/actions/docker-scan/action.yml
index 19024915..1fc6313d 100644
--- a/.github/actions/docker-scan/action.yml
+++ b/.github/actions/docker-scan/action.yml
@@ -16,7 +16,7 @@ runs:
 using: "composite"
 steps:
 - name: Run docker vulnerability scanner
- uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320
+ uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1
 with:
 image-ref: "${{ inputs.docker_image }}"
 format: "sarif"
@@ -33,7 +33,7 @@ runs:
 shell: bash
 - name: Upload trivy scan results to github security tab
- uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+ uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
 with:
 sarif_file: "trivy-results.sarif"
 token: ${{ inputs.token }}
diff --git a/.github/workflows/backstage-catalog-helper.yml b/.github/workflows/backstage-catalog-helper.yml
index 2ed84562..fda5fb76 100644
--- a/.github/workflows/backstage-catalog-helper.yml
+++ b/.github/workflows/backstage-catalog-helper.yml
@@ -13,7 +13,7 @@ jobs:
 with:
 fetch-depth: 0
 - name: Run Backstage Catalog Info Helper
- uses: cds-snc/backstage-catalog-info-helper-action@v0.3.1
+ uses: cds-snc/backstage-catalog-info-helper-action@e36696cef34ed39c43a6e4a3873821bb2bad7eef # v0.3.1
 with:
 github_app_id: ${{ secrets.SRE_BOT_RW_APP_ID }}
 github_app_private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }}
@@ -25,7 +25,7 @@ jobs:
 app_id: ${{ secrets.SRE_BOT_RW_APP_ID }}
 private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }}
 - name: Create pull request
- uses: peter-evans/create-pull-request@v3
+ uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3.14.0
 with:
 token: ${{ steps.generate_token.outputs.token}}
 commit-message: 'Add catalog-info.yaml'
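Review bot: The trailing `# v0.3.1` on the new `uses:` line in the `-13,7` hunk of backstage-catalog-helper.yml is only a comment, so the pin is as trustworthy as the check that e36696cef34ed39c43a6e4a3873821bb2bad7eef is the commit that tag resolves to upstream. Nothing in the diff shows that check, and this step is handed `SRE_BOT_RW_APP_ID` and `SRE_BOT_RW_PRIVATE_KEY`, so I would confirm the mapping against the upstream tag before merging and record it in the PR description. The trivy-action pin in `.github/actions/docker-scan/action.yml` has no version comment at all. Adding one there, e.g. `# <release tag for f78e9ec…>`, would let the next reviewer tell a version bump from a swapped commit. The job body starts and ends outside the hunk.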
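Review bot: Nothing visible in this commit will move the new create-pull-request pin in the `-25,7` hunk forward, so the step stops receiving the upstream fixes that the floating `@v3` used to pick up. The step is given the token produced by `generate_token`, so a stale copy matters here. If the repository does not already have one, a Dependabot entry with `package-ecosystem: "github-actions"` (or the Renovate equivalent) would keep the SHA and its `# v3.14.0` comment in step. v3 also looks to be an older major of this action, so an upgrade may be worth scheduling separately. The job body starts and ends outside the hunk.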