Update scorecard.yml

PatriceJada · web-flow · commit a0ffd584a40b · 2024-07-09T23:38:04.000-05:00
Update action version numbers instead of hashes
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -6,7 +6,7 @@ name: Scorecard supply-chain security
 on:
   branch_protection_rule:
   schedule:
-    - cron: '42 16 * * 5'
+    - cron: '30 1 * * 7'
   push:
     branches: [ "main" ]
 
@@ -24,27 +24,27 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@v4 # v4.1.1
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@v4.13.1
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        uses: actions/upload-artifact@v3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard (optional).
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: results.sarif
