chore(CLS-493): migrate to StepSecurity maintained action forks

.github/workflows/ScanSecrets.yaml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       with:
         fetch-depth: 10
     - name: Secret Scanning

.github/workflows/addCommentToRemindUpdatingTemplateVersion.yml

@@ -14,7 +14,7 @@
       hasAutoDetectionComment: ${{ steps.job1.outputs.hasAutoDetectionComment }}
     steps:
       - name: Find Comment
-        uses: peter-evans/find-comment@v3
+        uses: step-security/find-comment@v4
         id: fc
         with:
           issue-number: ${{ github.event.pull_request.number }}

.github/workflows/codeql-analysis.yml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
 
     # ℹ️ Setup DotNet Versions to building C# projects
     - name: Setup DotNet Versions
-      uses: actions/setup-dotnet@v5
+      uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
       with:
         dotnet-version: | 
           6.0.x
@@ -64,7 +64,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -78,4 +78,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3

.github/workflows/content-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/convertKqlFunctionYamlToArmTemplate.yaml

@@ -45,12 +45,12 @@
             persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token.
             fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
       - name: Install python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3
         with:
             python-version: '3.x'
             architecture: 'x64'
       - name: Install yamale package
-        uses: step-security/pip-action@v1
+        uses: step-security/pip-action@4eec757caa412aae0b24a95bd26e1a2f20805087 # v1
         with:
             packages: |
                 yamale
@@ -91,7 +91,7 @@
             repository: ${{github.event.pull_request.head.repo.full_name}}
             branch: ${{ github.head_ref }}
       - name: Add comment
-        uses: mshick/add-pr-comment@v1
+        uses: step-security/add-pr-comment@v2
         if: ${{ env.armTemplatesChanged == 'true' }}
         with:
           message: |

.github/workflows/data-connector-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/detection-template-schema-validations.yaml

@@ -14,9 +14,9 @@ jobs:
         dotnetSdkVersion: 3.1.401
         PRNUM: ${{ github.event.pull_request.number }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
         with:
           dotnet-version: ${{ env.dotnetSdkVersion }}
       - name: Run Detection template structure validation tests

.github/workflows/detection-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/documents-link-validation.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/json-syntax-validation.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/kql-validations.yaml

@@ -14,9 +14,9 @@ jobs:
         dotnetSdkVersion: 6.0.x
         PRNUM: ${{ github.event.pull_request.number }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
         with:
           dotnet-version: ${{ env.dotnetSdkVersion }}
       - name: Run KQL Validation tests

.github/workflows/logo-validation.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/non-ascii-validations.yaml

@@ -14,9 +14,9 @@ jobs:
         buildConfiguration: Release
         dotnetSdkVersion: 3.1.401
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
         with:
           dotnet-version: ${{ env.dotnetSdkVersion }}
       - name: Run Non-Ascii validation tests

.github/workflows/playbook-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/runAsimSchemaAndDataTesters.yaml

@@ -196,7 +196,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout pull request branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
             ref: ${{github.event.pull_request.head.sha}}
             repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -216,7 +216,7 @@ jobs:
                 exit 1
               fi
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2
         with:
           python-version: '3.x'
       - name: Install dependencies
@@ -247,7 +247,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout pull request branch
-        uses: actions/checkout@v4
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
             ref: ${{github.event.pull_request.head.sha}}
             repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -267,7 +267,7 @@ jobs:
                 exit 1
               fi
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2
         with:
           python-version: '3.x'
       - name: Install dependencies
@@ -279,7 +279,7 @@ jobs:
               pip install azure-monitor-ingestion
               pip install azure-core
       - name: Login to Azure Public Cloud
-        uses: azure/login@v2
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
         with:
           client-id: ${{ secrets.AZURE_ASIM_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -308,15 +308,15 @@ jobs:
       contents: read
     steps:
       - name: Checkout pull request branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           persist-credentials: false
           fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
 
       - name: Login to Azure Public Cloud with AzPowershell
-        uses: azure/login@v2
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
         with:
           client-id: ${{ secrets.AZURE_ASIM_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -338,7 +338,7 @@ jobs:
             exit 1
           fi
       - name: Run ASIM Schema and Data tests PowerShell script
-        uses: azure/powershell@v2
+        uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2
         with:
           inlineScript: |
             $filePath = ".script/tests/asimParsersTest/runAsimTesters.ps1"
@@ -372,7 +372,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout pull request branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -392,7 +392,7 @@ jobs:
             exit 1
           fi
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2
         with:
           python-version: '3.x'
       - name: Install dependencies
@@ -402,7 +402,7 @@ jobs:
               pip install azure-identity
               pip install azure-monitor-query
       - name: Login to Azure Public Cloud
-        uses: azure/login@v2
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
         with:
           client-id: ${{ secrets.AZURE_ASIM_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}

.github/workflows/sample-data-validation.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/slash-command-armttk.yaml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - name: Get PR details and validate
         id: get-pr
-        uses: actions/github-script@v7
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
         with:
           script: |
             const { data: pr } = await github.rest.pulls.get({

.github/workflows/solution-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/solutionIntegration.yaml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout pull request branch
-      uses: actions/checkout@v3
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       with:
         ref: ${{ github.event.pull_request.head.ref }}
         repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -64,7 +64,7 @@ jobs:
         "https://dev.azure.com/msazure/One/_apis/git/repositories/Sentinel-CATUtilities/items?path=/SolutionIntegrationTesting/config.json&api-version=6.0"
 
     - name: Setup Python Environment
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2
       with:
         python-version: '3.x'
 

.github/workflows/update-solutions-analyzer.yml

@@ -23,12 +23,12 @@
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
         with:
           python-version: '3.11'
 
@@ -58,7 +58,7 @@
       - name: Create Pull Request
         if: steps.check_changes.outputs.changed == 'true'
         id: create_pr
-        uses: peter-evans/create-pull-request@v6
+        uses: step-security/create-pull-request@v8
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: 'chore: Update Solutions Analyzer CSV files and documentation'

.github/workflows/validateVersionChangedInDetections.yml

@@ -19,7 +19,7 @@ jobs:
     # check out and run the script
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1
 
       - name: Check that template version was updated
         run: bash .script/checkThatTemplatesVersionWasChanged.sh

.github/workflows/workbook-metadata-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/workbook-template-validations.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/yaml-syntax-validation.yaml

@@ -18,7 +18,7 @@ jobs:
         GITHUBAPPPRIVATEKEY: ${{ secrets.APPLICATION_PRIVATE_KEY }}
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install