From 41ed2e83916943b4a15eb58001890d64a1bfee3d Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Sun, 17 Dec 2023 21:00:44 -0800
Subject: [PATCH] [StepSecurity] Apply security best practices (#86)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/dependabot.yml      | 5 +++++
 .github/workflows/gosec.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b9fec465..b01b07a8 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -25,3 +25,8 @@ updates:
     directory: /generator
     schedule:
       interval: daily
+
+  - package-ecosystem: gomod
+    directory: /terratest
+    schedule:
+      interval: daily
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
index a768a079..22fbf58d 100644
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/gosec.yml
@@ -29,6 +29,6 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@v2.18.2
+        uses: securego/gosec@55d79496019a560e16e73e1948dee20a1fad631a # v2.18.2
         with:
           args: ./...