From 5da00088721326b34e70099f0718442076e61207 Mon Sep 17 00:00:00 2001
From: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Date: Wed, 16 Apr 2025 18:35:13 -0300
Subject: [PATCH] Fix code scanning alert for not pinned actions (#28305)

Fixes https://github.com/fleetdm/fleet/security/code-scanning/1381.
---
 .github/workflows/goreleaser-snapshot-fleet.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/goreleaser-snapshot-fleet.yaml b/.github/workflows/goreleaser-snapshot-fleet.yaml
index d988f5d4fc..7070c9e5bd 100644
--- a/.github/workflows/goreleaser-snapshot-fleet.yaml
+++ b/.github/workflows/goreleaser-snapshot-fleet.yaml
@@ -118,7 +118,7 @@ jobs:
       - name: Check high/critical vulnerabilities before publishing (docker scout)
         # Only run this on the schedule run or when tagging RCs.
         if: startsWith(github.ref, 'rc-minor-') || startsWith(github.ref, 'rc-patch-') || github.event.schedule == '0 4 * * *'
-        uses: docker/scout-action@v1
+        uses: docker/scout-action@381b657c498a4d287752e7f2cfb2b41823f566d9 # v1.17.1
         with:
           command: cves
           image: fleetdm/fleet:${{ steps.generate_tag.outputs.FLEET_IMAGE_TAG }}