some more tweaks

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
defenseunicorns · Apr 1, 2024 · bdb970d · bdb970d
1 parent 5466a7f
commit bdb970d
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/scan-vulnerability.yaml b/.github/workflows/scan-vulnerability.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Scan for vulnerabilities
     permissions:
-      contents: read # Allows reading the repo contents
+      contents: read 
       pull-requests: read
 
     steps:
@@ -22,7 +22,7 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Environment setup
+      - name: Environment setup # this is required for scanning ironbank images
         uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
@@ -33,6 +33,6 @@ jobs:
           uds run vuln-check:grype-scan-sbom
 
       - name: Upload SARIF files
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.0.0
         with:
           sarif_file: 'sarif/'