From 8a17e7beb90710adc3d8c9af12489c91fca07f1a Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Sun, 17 Dec 2023 21:14:08 -0800
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#87)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/trufflehog.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
index 097b7d65..552480b5 100644
--- a/.github/workflows/trufflehog.yml
+++ b/.github/workflows/trufflehog.yml
@@ -31,7 +31,7 @@ jobs:
           fetch-depth: 0
 
       - name: Check secrets with TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.63.4
+        uses: trufflesecurity/trufflehog@b0fab16ad4b5cc42c38ee4e2ee362aa3c47dea24 # v3.63.4
         with:
           path: ./
           head: HEAD