Pin dependencies

pagopa · Nov 15, 2024 · c1feabe · c1feabe
1 parent e0191da
commit c1feabe
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -37,7 +37,7 @@ jobs:
         run: docker build . --file Dockerfile --tag localbuild/testimage:latest
       - name: Run the Trivy scan action itself with GitHub Advanced Security code scanning integration enabled
         id: scan
-        uses: aquasecurity/trivy-action@0.24.0 #v0.24.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
         with:
           trivy-config: 'config/trivy.yaml'
           image-ref: "localbuild/testimage:latest"

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.4
+# syntax=docker/dockerfile:1.4@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc
 
 #
 # 🎯 Version Management