Pin actions to SHA

Author: AmberJBlue

.github/workflows/security-scan.yaml

@@ -33,7 +33,7 @@ jobs:
           fi
 
       - name: Run Trivy vulnerability scan
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@77137e9dc3ab1b329b7c8a38c2eb7475850a14e8
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -43,7 +43,7 @@ jobs:
           exit-code: '0'
 
       - name: Check for critical and high vulnerabilities
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@77137e9dc3ab1b329b7c8a38c2eb7475850a14e8
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -92,7 +92,7 @@ jobs:
           pip install bandit[sarif]
 
       - name: Run Bandit Security Scan
-        uses: PyCQA/bandit-action@v1
+        uses: PyCQA/bandit-action@67a458d90fa11fb1463e91e7f4c8f068b5863c7f
         with:
           targets: "."
           exclude: "tests"