From 75e106eba9d64cbbcaeee4b6c4dc91e5a7d7f935 Mon Sep 17 00:00:00 2001
From: anupsv
Date: Wed, 5 Feb 2025 16:18:51 -0800
Subject: [PATCH 1/2] Create codeql-scanning.yml
---
 .github/workflows/codeql-scanning.yml | 43 +++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 .github/workflows/codeql-scanning.yml
diff --git a/.github/workflows/codeql-scanning.yml b/.github/workflows/codeql-scanning.yml
new file mode 100644
index 00000000..d90fe743
--- /dev/null
+++ b/.github/workflows/codeql-scanning.yml
@@ -0,0 +1,43 @@
+name: "codeql-scanning"
+
+on:
+ push:
+ branches:
+ - main
+ - 'release/*'
+ pull_request:
+ branches:
+ - main
+ - 'release/*'
+ schedule:
+ - cron: '0 9 * * *'
+
+jobs:
+ CodeQL-Scanning:
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ security-events: write
+ pull-requests: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2
+ with:
+ submodules: recursive
+
+ - name: Install golang
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
+ with:
+ go-version: '1.22.0'
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@1a7989f3955e0c69f0e0ccc14aee54a387a0fd31
+ with:
+ languages: go
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a
From c0038a0ac3c5aa3bfe423640a60cd0a96e7df049 Mon Sep 17 00:00:00 2001
From: anupsv
Date: Wed, 5 Feb 2025 16:43:16 -0800
Subject: [PATCH 2/2] adding versions
---
 .github/workflows/codeql-scanning.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/codeql-scanning.yml b/.github/workflows/codeql-scanning.yml
index d90fe743..6858fbf7 100644
--- a/.github/workflows/codeql-scanning.yml
+++ b/.github/workflows/codeql-scanning.yml
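Review bot: In the workflow file created by PATCH 1/2, the `Checkout repository` step leaves the job token in the checked-out repository's git configuration, because `actions/checkout` persists credentials unless told otherwise, and on `pull_request` runs the later CodeQL steps build code that comes from the PR branch. None of the following steps appear to need git access, so adding `persist-credentials: false` under that step's `with:`, next to `submodules: recursive`, would keep the token away from build-time code. The `permissions:` block is already narrow; `pull-requests: read` does not look like a scope the CodeQL steps need, so it may be removable, but confirm that against the action's documentation before dropping it.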
@@ -24,20 +24,20 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 with:
 submodules: recursive
 - name: Install golang
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
+ uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # 5.3.0
 with:
- go-version: '1.22.0'
+ go-version: '1.21.13'
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@1a7989f3955e0c69f0e0ccc14aee54a387a0fd31
+ uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a #3.28.8
 with:
 languages: go
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a
+ uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a #3.28.8
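Review bot: The `go-version` line in the `Install golang` step moves from '1.22.0' back to '1.21.13', an older release line that upstream Go no longer maintained at the commit date, and the commit message ("adding versions") does not record why. If the intent is to match the module's declared Go version, `go-version-file: go.mod` would keep the scan toolchain in step with the project instead of a hand-maintained pin; go.mod is not visible here, so that is an assumption to confirm. If the pin is deliberate, a one-line comment above `go-version` stating the reason would help the next maintainer. As a style point, the trailing version comments are written two ways (`# 4.2.2` and `#3.28.8`); using one form that mirrors the upstream tag, for example `# v4.2.2` and `# v3.28.8`, makes the pinned SHAs easier to audit against releases.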