diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a92ef29..c104997 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,11 +29,11 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: "go" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: category: "/language:go" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d871d78..ff7ba0c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index 8fbd4e3..a979ae8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM cgr.dev/chainguard/go@sha256:2b57ddeaed404116df06ae4d45a1cd218cc80496c76afb64c9c0ef55a18fd777 AS builder +FROM cgr.dev/chainguard/go@sha256:f59ee941f033b3267531ec9b3543f87a2e5d0c680ed711bd6c01806bdc22f874 AS builder WORKDIR /app COPY . /app @@ -6,7 +6,7 @@ COPY . /app RUN go mod tidy; \ go build -o main . -FROM cgr.dev/chainguard/glibc-dynamic@sha256:0ff0755007e9f495d27af37bd8defff5856875fa65ed9b60a77388b332bdc773 +FROM cgr.dev/chainguard/glibc-dynamic@sha256:09c74721beb055d94e49515381cc5118d85bae208e7ddefe1d28f6b355a1a6f5 WORKDIR /app