diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9e3c896..92efe6d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,11 +29,11 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: languages: "go" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: category: "/language:go" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 120921f..78dc976 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index 3fe60a6..00e250a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM cgr.dev/chainguard/go@sha256:5a134d108318859155a8b19caf4b8a10860f704a73874dc43ccdc405f5a0b220 AS builder +FROM cgr.dev/chainguard/go@sha256:2e4c0d22e2006773de839b4d18c420e502927b5c10b449f45ce7af4b41309755 AS builder WORKDIR /app COPY . /app @@ -6,7 +6,7 @@ COPY . /app RUN go mod tidy; \ go build -o main . -FROM cgr.dev/chainguard/glibc-dynamic@sha256:d000aed862c42a81317eccd6aa10a5ad3eadd29b3483d7340e1b44ae1de81641 +FROM cgr.dev/chainguard/glibc-dynamic@sha256:e4df2eec5a28c5ad61bb3e172172549ffc95c0432ead7edd7ba37916a258d843 WORKDIR /app