[291] Added checkout to reference sha and commit.

dpc-sdp · Sep 10, 2024 · 4233f7f · 4233f7f
1 parent 360edae
commit 4233f7f
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -41,6 +41,11 @@ jobs:
     strategy:
       matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
     steps:
+      - name: checkout
+        id: checkout
+        uses: actions/checkout@main
+        with:
+          ref: ${{ github.event.inputs.tag }}
       - name: Scan for vulnerabilities
         id: scan
         uses: crazy-max/ghaction-container-scan@v3
@@ -52,4 +57,5 @@ jobs:
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
-          ref: ${{ github.event.inputs.tag }}
+          ref: ${{ steps.checkout.outputs.ref }}
+          sha: ${{ steps.checkout.outputs.commit }}