diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml index ed366dc..41ee0be 100644 --- a/.github/workflows/cflite_batch.yml +++ b/.github/workflows/cflite_batch.yml @@ -4,7 +4,9 @@ on: schedule: - cron: '0 3 * * 1' # Weekly on Monday at 03:00 UTC -permissions: read-all +permissions: + contents: read + security-events: write jobs: BatchFuzzing: @@ -17,14 +19,14 @@ jobs: steps: - name: Build Fuzzers (${{ matrix.sanitizer }}) id: build - uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 with: language: rust sanitizer: ${{ matrix.sanitizer }} - name: Run Fuzzers (${{ matrix.sanitizer }}) id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} fuzz-seconds: 3600 diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml index 78b99e3..81a6015 100644 --- a/.github/workflows/cflite_pr.yml +++ b/.github/workflows/cflite_pr.yml @@ -5,7 +5,9 @@ on: branches: - main -permissions: read-all +permissions: + contents: read + security-events: write jobs: PR: @@ -21,7 +23,7 @@ jobs: steps: - name: Build Fuzzers (${{ matrix.sanitizer }}) id: build - uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 with: language: rust github-token: ${{ secrets.GITHUB_TOKEN }} @@ -29,7 +31,7 @@ jobs: - name: Run Fuzzers (${{ matrix.sanitizer }}) id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} fuzz-seconds: 300