Pin dependencies

Author: renovate-pagopa[bot]

.github/workflows/anchore.yaml

@@ -35,17 +35,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Build the Docker image
         run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
       - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3
         with:
           image: "localbuild/testimage:latest"
           fail-build: true
           severity-cutoff: "high"
       - name: Upload Anchore Scan Report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2
         if: always()
         with:
           sarif_file: results.sarif

Dockerfile.test-only

@@ -1,11 +1,11 @@
-FROM maven:3-jdk-11-slim as buildtime
+FROM maven:3-jdk-11-slim@sha256:2cb7c73ba2fd0f7ae64cfabd99180030ec85841a1197b4ae821d21836cb0aa3b as buildtime
 
 WORKDIR /build
 COPY . .
 
 RUN mvn clean package
 
-FROM amazoncorretto:11 as runtime
+FROM amazoncorretto:11@sha256:89b6c49b62d84d7a8f769e43ab03f0fb016dbf90cd768629b9d9b6efe9be6940 as runtime
 
 WORKDIR /app