build: update codeql

moov-io · Jun 21, 2024 · c261baf · c261baf
1 parent ce6d5c2
commit c261baf
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -1,24 +1,32 @@
+# Use https://app.stepsecurity.io/ to improve workflow security
 name: CodeQL Analysis
 
 on:
   push:
   pull_request:
   schedule:
-    - cron: '0 0 * * 0'
+    - cron: '0 10 * * 0'
+
+permissions:
+  contents: read
 
 jobs:
   CodeQL-Build:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     strategy:
       fail-fast: false
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: go
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3