diff --git a/.github/workflows/action-pin.yaml b/.github/workflows/action-pin.yaml index 2a94f2283c..feb3cb4ba0 100644 --- a/.github/workflows/action-pin.yaml +++ b/.github/workflows/action-pin.yaml @@ -14,3 +14,6 @@ jobs: - name: Ensure SHA pinned actions uses: zgosalvez/github-actions-ensure-sha-pinned-actions@0901cf7b71c7ea6261ec69a3dc2bd3f9264f893e # v3.0.12 + with: + allowlist: | + slsa-framework/slsa-github-generator diff --git a/.github/workflows/linelint.yml b/.github/workflows/linelint.yml index 2a3fd997b0..03b814c839 100644 --- a/.github/workflows/linelint.yml +++ b/.github/workflows/linelint.yml @@ -14,5 +14,5 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Linelint - uses: fernandrone/linelint@0.0.4 + uses: fernandrone/linelint@8136e0fa9997122d80f5f793e0bb9a45e678fbb1 # 0.0.4 id: linelint diff --git a/.github/workflows/markdown_link_check.yml b/.github/workflows/markdown_link_check.yml index a428b1259c..b2c6ffb849 100644 --- a/.github/workflows/markdown_link_check.yml +++ b/.github/workflows/markdown_link_check.yml @@ -13,7 +13,7 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 with: use-quiet-mode: 'yes'