Merge pull request #340 from trz42/update_scorecards_CI

boegel · web-flow · commit 764c5c96a49c · 2025-08-22T09:24:34.000+02:00
update action versions in scorecards CI
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -17,10 +17,9 @@ on:
   schedule:
     - cron: '25 15 * * 3'
   push:
-    branches: [ "main" ]
+    branches: [ "main", "develop" ]
   pull_request:
-    branches:    
-      - main
+    branches: [ "main", "develop" ]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -67,14 +66,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           sarif_file: results.sarif
