Skip to content

Commit 042c058

Browse files
step-security-botstep-security-bot
authored
[StepSecurity] ci: Harden GitHub Actions (#1769)
Signed-off-by: StepSecurity Bot <[email protected]>
1 parent 78f8d9c commit 042c058

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

.github/workflows/coverity.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737
with:
3838
egress-policy: audit
3939

40-
- uses: actions/checkout@v4
40+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4141
- name: Download Linux 64 Coverity Tool
4242
run: |
4343
curl https://scan.coverity.com/download/cxx/linux64 --output ${GITHUB_WORKSPACE}/cov-linux64-tool.tar.gz \
@@ -75,15 +75,15 @@ jobs:
7575
with:
7676
egress-policy: audit
7777

78-
- uses: actions/checkout@v4
78+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
7979
- name: Download Windows 64 Coverity Tool
8080
run: |
8181
curl https://scan.coverity.com/download/cxx/win64 -o cov-win64-tool.zip -d "token=${{secrets.COVERITY_TOKEN}}&project=${{env.COVERITY_PROJECT}}"
8282
7z x cov-win64-tool.zip
8383
del cov-win64-tool.zip
8484
move cov-analysis-win64* cov-win64-tool
8585
- name: Setup MSBuild
86-
uses: microsoft/setup-msbuild@v2
86+
uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0
8787
- name: Build with cov-build
8888
shell: bash
8989
run: |

0 commit comments

Comments
 (0)