ci: harden GitHub Actions snapshot workflow by using SHA hash for dependency (#122)

step-security-bot · pylapp · commit 11f312513188 · 2025-11-05T18:51:53.000+01:00
Thanks to https://app.stepsecurity.io/secure-repo Reviewed-by: Pierre-Yves Lapersonne <pierreyves.lapersonne@orange.com> Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Signed-off-by: Pierre-Yves Lapersonne <pierreyves.lapersonne@orange.com>
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -32,7 +32,7 @@ jobs:
   snapshot:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           ref: develop
           token: ${{ secrets.GITHUB_TOKEN }}
