From 297dba75622a7fb1ddb4acc8ba508bdcb6464dc0 Mon Sep 17 00:00:00 2001
From: Rich Churcher <rich.churcher@lightspeedhq.com>
Date: Tue, 17 Oct 2023 10:49:21 +1300
Subject: [PATCH] 'Pin third-party actions to latest SHA'

---
 .github/workflows/shiftleft-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml
index 93eb994..a8ddf92 100644
--- a/.github/workflows/shiftleft-analysis.yml
+++ b/.github/workflows/shiftleft-analysis.yml
@@ -19,7 +19,7 @@ jobs:
     # 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
 
     - name: Perform Scan
-      uses: ShiftLeftSecurity/scan-action@master
+      uses: ShiftLeftSecurity/scan-action@54980bbdae434b8e7903cfcffa98a2601c207962 # v1.3.0 scan-action is in maintenance mode only.
       env:
         WORKSPACE: ""
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}