From 493b2287aac545ac779aff5307f73756b9107249 Mon Sep 17 00:00:00 2001
From: Enriqueta De Leon
Date: Mon, 20 May 2024 16:12:29 -0700
Subject: [PATCH] Update Snyk Workflow

- updated workflow to use node 20
- pin actions to commit sha's
---
 .github/workflows/snyk-vulnerability-scan.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/snyk-vulnerability-scan.yml b/.github/workflows/snyk-vulnerability-scan.yml
index d346cc1c1..496a408f3 100644
--- a/.github/workflows/snyk-vulnerability-scan.yml
+++ b/.github/workflows/snyk-vulnerability-scan.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Java Agent
- uses: actions/checkout@v3
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
 with:
 ref: 'main'
@@ -25,9 +25,9 @@ jobs:
 echo "jdk17=/tmp" >> gradle.properties
 - name: Run Snyk to check for vulnerabilities
- uses: snyk/actions/gradle@master
+ uses: snyk/actions/gradle-jdk11@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8 # pin@master
 env:
 SNYK_TOKEN: ${{ secrets.JAVA_AGENT_SNYK_TOKEN }}
 with:
 command: monitor
- args: --all-sub-projects --org=java-agent --configuration-matching='(includeInJar)|(shadowIntoJar)'
\ No newline at end of file
+ args: --all-sub-projects --org=java-agent --configuration-matching='(includeInJar)|(shadowIntoJar)'
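Review bot: The checkout step in the first hunk keeps the default credential persistence, so the job token stays in the workspace's git config while the third-party Snyk action in the second hunk runs against that same workspace. Unless a later step outside these hunks needs to fetch or push, add `persist-credentials: false` under the existing `with:` next to `ref: 'main'`. The trailing `# pin@v4` comment (and `# pin@master` in the second hunk) names a moving ref, not the release the SHA was taken from. Recording the exact tag, e.g. `# vX.Y.Z` (placeholder), would make the pin auditable and easier to bump. The job's remaining steps and any `permissions:` block are outside the hunk.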
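Review bot: Pinning `snyk/actions/gradle-jdk11` to a commit in the second hunk fixes the action's metadata, but it may not fix the code that actually receives `SNYK_TOKEN`. If this is a container action that references its scanner image by tag (worth confirming in its `action.yml` at the pinned commit), that image is still resolved at run time. If confirmed, a comment above the `uses:` line such as `# SHA pins the action metadata only; the scanner image is pulled by tag` would keep that residual trust visible to the next maintainer. The same line also switches from `gradle` to `gradle-jdk11`, which the commit message does not mention. Since the preceding step writes `jdk17=/tmp` into gradle.properties, the description should say why the JDK 11 variant is the right one.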