chore: upgrade scancode-action to docker base v0.1 release (#2141)

tdruez · web-flow · commit 0585f532da4c · 2026-04-02T15:50:48.000+04:00
Signed-off-by: tdruez &lt;tdruez@aboutcode.org&gt;
diff --git a/.github/workflows/generate-sboms.yml b/.github/workflows/generate-sboms.yml
@@ -36,7 +36,7 @@ jobs:
           find scancodeio/ -type f -name "*.ABOUT" -exec cp {} "${{ env.INPUTS_PATH }}/about-files/" \;
 
       - name: Resolve the dependencies using ScanCode-action
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "resolve_dependencies:DynamicResolver"
           inputs-path: ${{ env.INPUTS_PATH }}
diff --git a/.github/workflows/sca-integration-anchore.yml b/.github/workflows/sca-integration-anchore.yml
@@ -43,7 +43,7 @@ jobs:
           retention-days: 20
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "anchore-grype-sbom.cdx.json"
diff --git a/.github/workflows/sca-integration-cdxgen.yml b/.github/workflows/sca-integration-cdxgen.yml
@@ -46,7 +46,7 @@ jobs:
           retention-days: 20
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "cdxgen-sbom.cdx.json"
diff --git a/.github/workflows/sca-integration-cyclonedx-gomod.yml b/.github/workflows/sca-integration-cyclonedx-gomod.yml
@@ -46,7 +46,7 @@ jobs:
           retention-days: 20
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "gomod-sbom.cdx.json"
diff --git a/.github/workflows/sca-integration-depscan.yml b/.github/workflows/sca-integration-depscan.yml
@@ -51,7 +51,7 @@ jobs:
         run: pip uninstall --yes owasp-depscan
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "reports/sbom-docker.vdr.json"
diff --git a/.github/workflows/sca-integration-ort-package-file.yml b/.github/workflows/sca-integration-ort-package-file.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Analyze Docker image with ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "analyze_docker_image"
           input-urls:
diff --git a/.github/workflows/sca-integration-ort.yml b/.github/workflows/sca-integration-ort.yml
@@ -57,7 +57,7 @@ jobs:
             reporter
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "${{ env.ORT_RESULTS_PATH }}/bom.cyclonedx.json"
@@ -96,7 +96,7 @@ jobs:
             reporter
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "${{ env.ORT_RESULTS_PATH }}/bom.cyclonedx.json"
@@ -158,7 +158,7 @@ jobs:
           name: npm-mime-types-2.1.26-ort-sboms
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "bom.cyclonedx.json"
@@ -184,7 +184,7 @@ jobs:
          name: npm-mime-types-2.1.26-ort-sboms
 
      - name: Import SBOM into ScanCode.io
-       uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+       uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
        with:
          pipelines: "load_sbom"
          inputs-path: "bom.cyclonedx.xml"
@@ -210,7 +210,7 @@ jobs:
           name: npm-mime-types-2.1.26-ort-sboms
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "bom.spdx.json"
@@ -236,7 +236,7 @@ jobs:
           name: npm-mime-types-2.1.26-ort-sboms
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "bom.spdx.yml"
diff --git a/.github/workflows/sca-integration-osv-scanner.yml b/.github/workflows/sca-integration-osv-scanner.yml
@@ -51,7 +51,7 @@ jobs:
           retention-days: 20
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "osv-sbom.spdx.json"
diff --git a/.github/workflows/sca-integration-sbom-tool.yml b/.github/workflows/sca-integration-sbom-tool.yml
@@ -52,7 +52,7 @@ jobs:
         path: sbom-output
 
     - name: Import SBOM into ScanCode.io
-      uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+      uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
       with:
         pipelines: "load_sbom"
         inputs-path: "sbom-output/_manifest/spdx_2.2/manifest.spdx.json"
diff --git a/.github/workflows/sca-integration-trivy.yml b/.github/workflows/sca-integration-trivy.yml
@@ -45,7 +45,7 @@ jobs:
           retention-days: 20
 
       - name: Import SBOM into ScanCode.io
-        uses: aboutcode-org/scancode-action@6e900c920928c44932e756e308561451b09ec58b
+        uses: aboutcode-org/scancode-action@76777db8400d719de67ba3e465c5881037b45cb9  # v0.1
         with:
           pipelines: "load_sbom"
           inputs-path: "trivy-report.sbom.json"
