From 8c209be521fa2e50e5f675b1afd145b3e6e6ae56 Mon Sep 17 00:00:00 2001
From: eloymg <eloy.morenogarcia@grafana.com>
Date: Wed, 22 Apr 2026 16:43:53 +0200
Subject: [PATCH] Semgrep action pinning rules.yaml checkout

---
 .github/workflows/semgrep.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
index 11773e4e..c4c3c820 100644
--- a/.github/workflows/semgrep.yaml
+++ b/.github/workflows/semgrep.yaml
@@ -21,7 +21,9 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           repository: grafana/security-github-actions
-          ref: ${{ github.repository == 'grafana/security-github-actions' && (github.head_ref || github.ref_name) || '' }}
+          ref: ${{ github.repository == 'grafana/security-github-actions' &&
+            (github.head_ref || github.ref_name) ||
+            '8b10f82433323c48383277b3abc8c87d26564e63' }}
           sparse-checkout: |
             semgrep/custom-rules.yaml
             semgrep/format-results.sh