Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin dependencies in CodeQL workflow #362

Closed
fxamacker opened this issue Dec 20, 2023 · 0 comments · Fixed by #363
Closed

Pin dependencies in CodeQL workflow #362

fxamacker opened this issue Dec 20, 2023 · 0 comments · Fixed by #363
Assignees
@fxamacker
Labels
CI CI and GitHub Actions Workflows

Comments

@fxamacker
Copy link
Member

Issue To Be Solved

Dependencies are not pinned in the CodeQL workflow.

Having unpinned dependencies can reduce the project's quality score computed by 3rd parties (e.g. OpenSSF Scorecard).

Suggested Solution

Pin dependencies in CodeQL workflow.

While at it, also bump version of Go from 1.19 to 1.20.
@fxamacker fxamacker added the CI CI and GitHub Actions Workflows label Dec 20, 2023
@fxamacker fxamacker self-assigned this Dec 20, 2023
@fxamacker fxamacker mentioned this issue Dec 20, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fxamacker fxamacker

Labels
CI CI and GitHub Actions Workflows
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Pin CodeQL workflow dependencies onflow/atree
1 participant
@fxamacker