fix: use sha for external action reference to align security guideline (#2)

Author: huaweic-nv

.github/actions/codeql-scan/action.yml

@@ -61,7 +61,7 @@ runs:
   using: 'composite'
   steps:
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4.31.5
+      uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5, use sha to align security guidelines
       with:
         languages: ${{ inputs.languages }}
         build-mode: ${{ inputs.build-mode }}
@@ -76,7 +76,7 @@ runs:
 
     - name: Perform CodeQL Analysis
       id: codeql-analyze
-      uses: github/codeql-action/analyze@v4.31.5
+      uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5, use sha to align security guidelines
       with:
         category: ${{ inputs.category }}
         upload: ${{ inputs.upload-sarif }}

.github/actions/trivy-scan/action.yml

@@ -66,7 +66,7 @@ runs:
   steps:
     - name: Run Trivy Scan
       continue-on-error: true
-      uses: aquasecurity/trivy-action@0.33.1
+      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1, use sha to align security guidelines
       with:
         scan-type: ${{ inputs.scan-type }}
         scan-ref: ${{ inputs.scan-ref }}

.github/actions/trufflehog-scan/action.yml

@@ -55,7 +55,7 @@ runs:
     - name: Run TruffleHog Scan
       id: trufflehog
       continue-on-error: true
-      uses: trufflesecurity/trufflehog@main
+      uses: trufflesecurity/trufflehog@aade3bff5594fe8808578dd4db3dfeae9bf2abdc # v3.91.1, use sha to align security guidelines
       with:
         path: ${{ inputs.path }}
         base: ${{ inputs.base }}