[StepSecurity] ci: Harden GitHub Actions

Signed-off-by: StepSecurity Bot <[email protected]>
openwall · Jul 15, 2023 · 3350c6e · 3350c6e
1 parent f8b25d4
commit 3350c6e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -82,7 +82,7 @@ jobs:
         run: echo "name=$(date -u)" >> "$GITHUB_OUTPUT"
 
       - name: Install Cosign
-        uses: sigstore/[email protected]
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
 
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0