Skip to content

chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 #412

chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1

chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 #412

name: Lockdown untrusted workflows
on:
push:
paths:
- ".github/workflows/**"
pull_request:
paths:
- ".github/workflows/**"
permissions:
contents: read
jobs:
enforce_pinned_workflows:
name: Harden Security
runs-on: ubuntu-latest
permissions:
actions: read
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Ensure 3rd party workflows have SHA pinned
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328d4ea95eaf8b3bd6c6cef308f709a5f2ec # v3.0.3