From 8b7fa56af9aa6f28954082e66c2618db3577bebd Mon Sep 17 00:00:00 2001
From: CoderDeltaLan
Date: Mon, 22 Sep 2025 08:50:17 +0100
Subject: [PATCH 1/2] =?UTF-8?q?ci:=20harden=20Scorecard=20=E2=80=94=20publ?= =?UTF-8?q?ish=20results=20and=20pin=20actions=20by=20SHA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/scorecards.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 3a9cdeb..d8af420 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -30,9 +30,9 @@ jobs:
 with:
 results_file: results.sarif
 results_format: sarif
- publish_results: false
+ publish_results: true
 - name: Upload SARIF to code scanning
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarifc86100d080feab897ff886c34abd4c83a3
 with:
 sarif_file: results.sarif
From 222162f694f58ceb48656b24417918eea2908dc3 Mon Sep 17 00:00:00 2001
From: CoderDeltaLan
Date: Mon, 22 Sep 2025 08:51:27 +0100
Subject: [PATCH 2/2] ci: fix Scorecard SARIF uploader ref
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index d8af420..f676b40 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -33,6 +33,6 @@ jobs:
 publish_results: true
 - name: Upload SARIF to code scanning
- uses: github/codeql-action/upload-sarifc86100d080feab897ff886c34abd4c83a3
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
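Review bot: In PATCH 1/2, switching to `publish_results: true` changes both what the job needs and what it exposes, and nothing in the hunk records that. With publishing enabled the Scorecard action authenticates with an OIDC token, so the job needs `id-token: write` next to `security-events: write`. The `permissions:` block is outside this hunk, so confirm it is present at job level and that the workflow-level permissions stay read-only. I would add a comment above the changed line, for example `# publishes results to the public Scorecard API; needs id-token: write on this job`.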
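Review bot: In PATCH 2/2, restoring `github/codeql-action/upload-sarif@v3` puts the upload step back on a mutable tag, so the series ends without the SHA pin its first subject line promises. Whoever can move that tag changes the code that runs with this job's token. The ref being removed had no `@` separator and its hex run looks shorter than a 40-character commit SHA, so the fix should correct the pin rather than revert it: `uses: github/codeql-action/upload-sarif@<FULL_40_CHAR_COMMIT_SHA>  # v3`, with the SHA resolved from the v3 tag. The job's other `uses:` lines are outside the hunk, so their pinning cannot be checked from here.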