fix: pin codeql-action/upload-sarif to SHA in scorecard workflow

CybotTM · CybotTM · commit dda8415fd78f · 2026-03-23T21:04:11.000+01:00
Pin github/codeql-action/upload-sarif to commit SHA (v4.34.1) to
satisfy org requirement for fully SHA-pinned GitHub Actions.

Signed-off-by: Sebastian Mendel &lt;info@sebastianmendel.de&gt;
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -30,6 +30,6 @@ jobs:
           publish_results: true
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         with:
           sarif_file: results.sarif
