From 38ac972960c6e2b945d3691ca77785208a7aac26 Mon Sep 17 00:00:00 2001
From: Ivan <ivan@quad4.io>
Date: Tue, 11 Nov 2025 07:40:01 -0600
Subject: [PATCH] update

---
 .github/workflows/bearer-pr.yml | 6 +++---
 .github/workflows/bearer.yml    | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/bearer-pr.yml b/.github/workflows/bearer-pr.yml
index d2f9a6b..f8fe964 100644
--- a/.github/workflows/bearer-pr.yml
+++ b/.github/workflows/bearer-pr.yml
@@ -5,16 +5,16 @@ on:
     types: [opened, synchronize, reopened]
 
 permissions:
-  contents: read
+  security-events: write
 
 jobs:
   rule_check:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Bearer
-        uses: bearer/bearer-action@v2
+        uses: bearer/bearer-action@828eeb928ce2f4a7ca5ed57fb8b59508cb8c79bc # v2
         with:
           diff: true
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 2172acb..dced730 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -6,7 +6,6 @@ on:
       - master
 
 permissions:
-  contents: read
   security-events: write
 
 jobs:
@@ -14,16 +13,17 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Bearer
-        uses: bearer/bearer-action@v2
+        uses: bearer/bearer-action@828eeb928ce2f4a7ca5ed57fb8b59508cb8c79bc # v2
         with:
           format: sarif
           output: results.sarif
 
       - name: Upload SARIF file
         if: always()
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@2827891b2e5e0510dceab8c3619f4fe255451277 # v4
         with:
           sarif_file: results.sarif
+          category: bearer-security-scan