From b7c3c02a29bddffe6fb6223215abe45238b86523 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Fri, 28 Jun 2024 04:47:46 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot
---
 .github/dependabot.yml | 5 +++++
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3328bf52c1..ae2dffd4db 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -87,3 +87,8 @@ updates:
 directory: /service/ossse
 schedule:
 interval: daily
+
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 18fd9c3ef0..3ad65000a4 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -41,7 +41,7 @@ jobs:
 path: results.sarif
 retention-days: 5
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: results.sarif
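Review bot: Composite actions kept outside `.github/workflows` would not be covered by the added `github-actions` entry, because `directory: /` makes Dependabot read the workflow files under `.github/workflows` (and an action file at the repository root) only. Whether this repository has such action files is not visible from the patch, so check that before relying on this entry to keep SHA pins current. A short comment above the entry would also record why it exists, for example `# Keeps SHA-pinned actions in .github/workflows up to date`. The `updates:` list this entry is appended to starts outside the hunk.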
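Review bot: Nothing in the workflow ties the pinned SHA on the `Upload SARIF file` step to the `# v3.25.10` comment beside it; the comment is informational only. Before merging, confirm that `23acc5c183826b7a8a97bce3cecc52db901f8251` is the commit the v3.25.10 tag points to in `github/codeql-action` itself. Only this one `uses:` line changes in the file and the earlier steps of the job are outside the hunk, so it is also worth checking that the other actions referenced there are pinned to full commit SHAs. The job body starts and ends outside the hunk.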