Update UnpinnedActionsTag query metadata scope

Copilot · oscarsj · web-flow · commit b2046034f112 · 2026-04-20T11:01:57.000Z
Agent-Logs-Url: https://github.com/github/codeql/sessions/5425ff86-b998-4c7b-9447-52c8ae74a7a2 Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
diff --git a/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql b/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
@@ -1,5 +1,5 @@
 /**
- * @name Unpinned tag for a non-immutable Action in workflow
+ * @name Unpinned tag for a non-immutable Action in workflow or composite action
  * @description Using a tag for a non-immutable Action that is not pinned to a commit can lead to executing an untrusted Action through a supply chain attack.
  * @kind problem
  * @security-severity 5.0
