chore: Bump ossf/scorecard-action from 2.3.3 to 2.4.0 #4976


	name: "CodeQL Scan"

	on:
	push:
	branches:
	- main
	- dev
	- 1.0.0*
	pull_request:
	branches:
	- main
	- dev
	- 1.0.0*
	schedule:
	- cron: '30 1 * * 0'
	workflow_dispatch:

	permissions: read-all

	jobs:
	CodeQL-Build:
	runs-on: ubuntu-latest

	permissions:
	security-events: write

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
	with:
	egress-policy: audit

	- name: Checkout repository
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2
	- name: setup go environment
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version: "1.22"
	- name: Initialize CodeQL
	uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # tag=v3.25.14
	with:
	languages: go
	- name: Run tidy
	run: go mod tidy
	- name: Build CLI
	run: make build
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # tag=v3.25.14

Provide feedback