diff --git a/.github/workflows/analyze.yaml b/.github/workflows/analyze.yaml index 74e20bae7e..252d589d1f 100644 --- a/.github/workflows/analyze.yaml +++ b/.github/workflows/analyze.yaml @@ -11,15 +11,18 @@ jobs: analyze: name: Analyze runs-on: ubuntu-latest + + permissions: + security-events: write + steps: - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. fetch-depth: 2 - - - uses: github/codeql-action/init@a589d4087ea22a0a48fc153d1b461886e262e0f2 # v2.2.7 + - uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7 with: languages: go - - uses: github/codeql-action/autobuild@a589d4087ea22a0a48fc153d1b461886e262e0f2 # v2.2.7 - - uses: github/codeql-action/analyze@a589d4087ea22a0a48fc153d1b461886e262e0f2 # v2.2.7 + - uses: github/codeql-action/autobuild@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7 + - uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7