### What whould you like to see? In the light of various recent supply chain attacks (example: [trivy](https://github.com/aquasecurity/trivy/discussions/10425)) I would recommend [pinning actions to a full-length commit SHAs](https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions). It also looks like you're using renovate so [here are renovate's docs](https://docs.renovatebot.com/modules/manager/github-actions/#digest-pinning-and-updating) regarding this.
What whould you like to see?
In the light of various recent supply chain attacks (example: trivy) I would recommend pinning actions to a full-length commit SHAs.
It also looks like you're using renovate so here are renovate's docs regarding this.