fix(security): autofix 3rd party Github Actions should be pinned (#180)

aikido-autofix[bot] · echarrod · web-flow · commit 6123d97a54a2 · 2025-10-27T14:25:48.000Z
Co-authored-by: aikido-autofix[bot] &lt;119856028+aikido-autofix[bot]@users.noreply.github.com&gt;
Co-authored-by: Ed Harrod &lt;echarrod@users.noreply.github.com&gt;
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -25,4 +25,4 @@ jobs:
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         if: github.event.pull_request.head.repo.full_name == github.repository || env.SONAR_TOKEN != ''
-        uses: SonarSource/sonarqube-scan-action@v6.0.0
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
