From 34f3dd9721261c43ab3f8ee5237eef70e5f677e5 Mon Sep 17 00:00:00 2001
From: Pohan Huang <pohan.huang@suse.com>
Date: Tue, 31 Mar 2026 10:45:40 +0800
Subject: [PATCH 1/2] chore: update readme with pin sha in readme

Signed-off-by: pohanhuang <pohan.huang@suse.com>
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 9edb06c..52ee82d 100644
--- a/README.md
+++ b/README.md
@@ -29,12 +29,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Build image
         run: |
           docker build -t registry.organization.com/org/image-name:${{ github.sha }} .
       - name: Scan Image
-        uses: neuvector/scan-action@main
+        uses: neuvector/scan-action@dc98ca3e206249d47f00d884f04dd9905a94f156
         with:
           image-repository: registry.organization.com/org/image-name
           image-tag: ${{ github.sha }}
@@ -56,9 +56,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Scan Remote Image
-        uses: neuvector/scan-action@main
+        uses: neuvector/scan-action@dc98ca3e206249d47f00d884f04dd9905a94f156
         with:
           image-registry: https://registry.organization.com/
           image-registry-username: ${{ secrets.RegistryUsername }}

From 1e1352aed2b5f2c5344353414a609cd4479fff12 Mon Sep 17 00:00:00 2001
From: Pohan Huang <pohan.huang@suse.com>
Date: Tue, 31 Mar 2026 16:38:40 +0800
Subject: [PATCH 2/2] chore: use release sha instead of main branch commit

Signed-off-by: pohanhuang <pohan.huang@suse.com>
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 52ee82d..1f8a2ac 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@ jobs:
         run: |
           docker build -t registry.organization.com/org/image-name:${{ github.sha }} .
       - name: Scan Image
-        uses: neuvector/scan-action@dc98ca3e206249d47f00d884f04dd9905a94f156
+        uses: neuvector/scan-action@196964fb269cfcd1fe139dd27c8440a8396bd8ab #v1.0.0
         with:
           image-repository: registry.organization.com/org/image-name
           image-tag: ${{ github.sha }}
@@ -58,7 +58,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Scan Remote Image
-        uses: neuvector/scan-action@dc98ca3e206249d47f00d884f04dd9905a94f156
+        uses: neuvector/scan-action@196964fb269cfcd1fe139dd27c8440a8396bd8ab #v1.0.0
         with:
           image-registry: https://registry.organization.com/
           image-registry-username: ${{ secrets.RegistryUsername }}