Updated SHAs

scorecard.yml:24: actions/checkout → v5.0.0 scorecard.yml:29: ossf/scorecard-action → v2.4.3 security.yaml:32: actions/checkout → v5.0.0 (CodeQL job) security.yaml:57: actions/checkout → v5.0.0 (Trivy job) security.yaml:81: aquasecurity/trivy-action → v0.33.1 security.yaml:88: aquasecurity/trivy-action → v0.33.1
coder · ausbru87 · Oct 12, 2025 · Oct 12, 2025 · Oct 12, 2025 · Oct 12, 2025
commit 2a40050035fbf91c0e1148b6dc5854ec0854fc55
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -21,12 +21,12 @@ jobs:
 
  steps:
  - name: Checkout code
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
  with:
  persist-credentials: false
 
  - name: Run analysis
- uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+ uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
  with:
  results_file: results.sarif
  results_format: sarif

diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -29,7 +29,7 @@ jobs:
  contents: read
  steps:
  - name: Checkout repository
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
  - name: Setup Go
  uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
@@ -54,7 +54,7 @@ jobs:
  contents: read
  steps:
  - name: Checkout repository
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
  - name: Setup Go
  uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
@@ -78,14 +78,14 @@ jobs:
  echo "image=code-marketplace:scan" >> "$GITHUB_OUTPUT"
 
  - name: Run Trivy vulnerability scanner (table output for logs)
- uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
  with:
  image-ref: ${{ steps.build.outputs.image }}
  format: "table"
  severity: "LOW,MEDIUM,HIGH,CRITICAL"
 
  - name: Run Trivy vulnerability scanner (SARIF output for GitHub)
- uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
  with:
  image-ref: ${{ steps.build.outputs.image }}
  format: "sarif"