From 0d9363248d9303338887ceeea64c6cdc224a50ed Mon Sep 17 00:00:00 2001
From: John Andersen
Date: Mon, 24 Jun 2024 15:30:09 +0000
Subject: [PATCH] best practices: ossf scorecard: Fix pinning per Pedro suggestion with --require-hashes

Related: https://github.com/ossf/scorecard/issues/4189#issuecomment-2186774944
Signed-off-by: John Andersen
---
 scripts/ossf_scorecard_pindeps.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/ossf_scorecard_pindeps.py b/scripts/ossf_scorecard_pindeps.py
index c92b4f56fb..76716a9074 100644
--- a/scripts/ossf_scorecard_pindeps.py
+++ b/scripts/ossf_scorecard_pindeps.py
@@ -336,7 +336,7 @@ def main():
 )
 + line_end
 )
-line = line_start + "python -m pip install -r requirements-lock.txt" + line_end
+line = line_start + "python -m pip install --require-hashes -r requirements-lock.txt" + line_end
 new_lines.append(line)
 path.write_text("\n".join(new_lines))
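Review bot: The added `--require-hashes` on the `pip install` line only works if every requirement in requirements-lock.txt carries a `--hash=` entry and an exact `==` pin, transitive dependencies included; pip refuses the whole install otherwise, so the line this script writes fails at install time rather than when the lock file is produced. Nothing in the hunk shows how requirements-lock.txt is generated (presumably elsewhere in this script), so it is worth pinning the contract in a comment next to the literal: `# --require-hashes: pip rejects any requirement lacking a --hash entry, so requirements-lock.txt must be generated with hashes (e.g. pip-compile --generate-hashes)`. As a point of style, the new literal is concatenated on one long line while the context just above appears to use a parenthesized `line_start + (...) + line_end` form; splitting it the same way would keep the file consistent. `main()` starts and ends outside this hunk.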