Skip to content

Bump github/codeql-action from 3.27.1 to 3.27.4 in /.github/workflows in the external-dependencies group #4192

Bump github/codeql-action from 3.27.1 to 3.27.4 in /.github/workflows in the external-dependencies group

Bump github/codeql-action from 3.27.1 to 3.27.4 in /.github/workflows in the external-dependencies group #4192

Workflow file for this run

name: MSDO
on:
push:
branches: [ "main", "releases/*" ]
pull_request:
branches: [ "main", "releases/*" ]
permissions: read-all
jobs:
MSDO:
name: Run Microsoft Security DevOps Analysis
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for federation to Defender for DevOps
security-events: write # This is required to upload SARIF files
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Credential Scanning
uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0
id: credscan
with:
policy: Microsoft
tools: credscan
- name: Upload results to Security tab
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
with:
sarif_file: ${{ steps.credscan.outputs.sarifFile }}