From d023f128e63fabc6f5d9e57063f2ed30c24380dc Mon Sep 17 00:00:00 2001
From: Brian DeHamer <bdehamer@github.com>
Date: Tue, 5 Mar 2024 13:11:49 -0800
Subject: [PATCH] pin actions/attest to v0.1.0 (#22)

Signed-off-by: Brian DeHamer <bdehamer@github.com>
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index 13c866e..baab54d 100644
--- a/action.yml
+++ b/action.yml
@@ -87,7 +87,7 @@ runs:
       id: generate-sbom-predicate
       with:
         sbom-path: ${{ inputs.sbom-path || steps.sbom-output.outputs.path }}
-    - uses: actions/attest@main
+    - uses: actions/attest@14e407ca15f1b08f4869fc058b059f7f1e434df6 # v0.1.0
       id: attest
       with:
         subject-path: ${{ inputs.subject-path }}