From e7141c81cf60403830fb46de0a2904056a0555c0 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Sat, 27 Apr 2024 02:48:34 +0000
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot
---
.github/workflows/defender-for-devops.yml | 10 +++++-----
.github/workflows/sitemap.yml | 9 +++++++--
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/defender-for-devops.yml b/.github/workflows/defender-for-devops.yml
index e1f9b7f..17e4bb0 100644
--- a/.github/workflows/defender-for-devops.yml
+++ b/.github/workflows/defender-for-devops.yml
@@ -34,20 +34,20 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@v2 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit - uses: actions/checkout@v4 - uses: actions/setup-dotnet@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 with: dotnet-version: | 5.0.x 6.0.x - name: Run Microsoft Security DevOps - uses: microsoft/security-devops-action@v1 + uses: microsoft/security-devops-action@d16b24e8eb9f5afa5385fa133f26090c8e7689c9 # v1 id: msdo - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/.github/workflows/sitemap.yml b/.github/workflows/sitemap.yml
index 6907068..02fb838 100644
--- a/.github/workflows/sitemap.yml
+++ b/.github/workflows/sitemap.yml
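Review bot: The pin for `microsoft/security-devops-action` in defender-for-devops.yml is annotated `# v1`, a moving major tag, while the other four pins in that hunk carry exact release comments (`# v2.7.0`, `# v4.1.4`, `# v4.0.0`, `# v3.25.3`). A reader or an update bot cannot tell from the file which release the pinned commit corresponds to, so the comment should name the exact tag, e.g. `uses: microsoft/security-devops-action@d16b24e8eb9f5afa5385fa133f26090c8e7689c9 # <exact release tag>`. Before merging it is also worth confirming that each SHA is reachable from the named tag in the upstream repository rather than only from a fork, since GitHub resolves commit SHAs across a repository's fork network. The patch touches only the two workflow files, so whether a Dependabot or Renovate configuration exists to keep these pins current is not visible here.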
@@ -10,14 +10,19 @@ jobs: name: Generate a sitemap steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Checkout the repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Generate the sitemap id: sitemap - uses: cicirello/generate-sitemap@v1.10.0 + uses: cicirello/generate-sitemap@63643192a20862580b2e628ce0e553a8907e9ee9 # v1.10.0 with: base-url-path: https://github.typpi.online
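Review bot: The Harden Runner step added at the top of `steps:` runs with `egress-policy: audit`, which only records outbound connections and does not stop a compromised step from reaching an unexpected host. Once a few runs have established the endpoints this job needs, the step should move to `egress-policy: block` with an explicit `allowed-endpoints:` list; a comment such as `# TODO: switch to block after the audit baseline is reviewed` would record that intent. Separately, `actions/checkout` is pinned to v3.6.0 here while defender-for-devops.yml pins v4.1.4, so the two workflows now track different major versions of the same action. No `permissions:` block is visible in this hunk; the job definition starts outside it, so that may already be set.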