From c9f326fabb2dd7d6190848329f0b7321b2b90ed4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Systems=20Architect=20=E2=80=A2=20AI=20Tooling=20=E2=80=A2?=
 =?UTF-8?q?=20Civic=20Monitoring?=
 <137366958+POWDER-RANGER@users.noreply.github.com>
Date: Sun, 1 Mar 2026 03:47:05 -0600
Subject: [PATCH] security: pin PSScriptAnalyzer action dependencies to
 immutable SHAs

Pinned GitHub Actions.
---
 .github/workflows/psscriptanalyzer.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/psscriptanalyzer.yml b/.github/workflows/psscriptanalyzer.yml
index 76befd3..a13fe22 100644
--- a/.github/workflows/psscriptanalyzer.yml
+++ b/.github/workflows/psscriptanalyzer.yml
@@ -15,10 +15,10 @@ jobs:
     runs-on: windows-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
 
       - name: Run PSScriptAnalyzer
-        uses: microsoft/psscriptanalyzer-action@v1.1
+        uses: microsoft/psscriptanalyzer-action@4c68ce7e4ab4fdaafd03b50b961ffd06c65b5db7  # v1.1
         with:
           path: .\
           recurse: true
@@ -26,6 +26,6 @@ jobs:
           settings: CodeFormatting
 
       - name: Upload PSScriptAnalyzer results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@c7d0eebf0efb81753d773b54ee46f4278db8ab5d  # v3.25.12
         with:
           sarif_file: results.sarif