From 64aad9c0754350e4c21310e643ce9ec2739151bb Mon Sep 17 00:00:00 2001
From: "J-K. Solbakken" <jksolbakken@gmail.com>
Date: Wed, 10 Jul 2024 12:44:07 +0200
Subject: [PATCH] pin action version

---
 .github/workflows/scorecard.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 8b5c585..662365d 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -37,14 +37,14 @@ jobs:
             sigstore-tuf-root.storage.googleapis.com:443
             tuf-repo-cdn.sigstore.dev:443
             www.bestpractices.dev:443
-      
+
       - name: "Checkout code"
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # ratchet:actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@v2.3.1
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # ratchet:ossf/scorecard-action@v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif