From 1f52798a5a8520056f534c11553d3182d5684acb Mon Sep 17 00:00:00 2001
From: David Campbell <noreply@hnefatafl.org>
Date: Sat, 21 Mar 2026 19:36:51 -0400
Subject: [PATCH] Make the example Compliance yaml file comply with zizmor.

---
 README.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 8accbce..2fc84f8 100644
--- a/README.md
+++ b/README.md
@@ -40,13 +40,22 @@ permissions:
 
 jobs:
   reuse-compliance-check:
+    name: REUSE Compliance Check
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v6
+        uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6
+        with:
+          persist-credentials: false
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+
 ```
 
 If you would like to run other subcommands, you could use the following snippet which outputs a the SPDX bill of materials: