chore(ci): Dependabot, workflow security (#1257)

Co-authored-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: niStee <52573120+niStee@users.noreply.github.comclear> Co-authored-by: GideonBear <87426140+GideonBear@users.noreply.github.com>
2025-08-11 10:24:18 +02:00
parent 9048cd8f47
commit 91fc5e3902
28 changed files with 257 additions and 109 deletions
--- a/.github/workflows/check_security_vulnerability.yml
+++ b/.github/workflows/check_security_vulnerability.yml
@@ -11,6 +11,9 @@ on:
    branches:
      - main

+permissions:
+  contents: read
+
 jobs:
  lint:
    name: DevSkim
@@ -21,12 +24,12 @@ jobs:
      security-events: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4.2.2

      - name: Run DevSkim scanner
-        uses: microsoft/DevSkim-Action@v1
+        uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16

      - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v3.29.5
        with:
          sarif_file: devskim-results.sarif