DataDog / test-visibility-github-action

GitHub Action that installs Datadog Test Visibility
Apache License 2.0

Use hardcoded checksum to verify installation script was not tampered with #11

Closed nikita-tkachenko-datadog closed 3 months ago

nikita-tkachenko-datadog commented 3 months ago

What does this PR do?

Updates the action to use a hard-coded checksum when verifying installation script integrity. The reason for doing so, rather than downloading the checksum, is to protect from MitM attacks.

Motivation

Additional Notes

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Test manually and with the CI job.
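The difference between a downloaded checksum and a hard-coded one, as an added example that is not the action's own code: an attacker on the download path can replace a script and its checksum file together, while a digest committed with the action stays out of reach. The file names and script contents are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; file names and script contents are constructed samples.

# SHA-256 of a file, hex digest only (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Weak: the expected digest arrives over the same channel as the script.
verify_downloaded() {  # $1 = script, $2 = checksum file fetched alongside it
    [ "$(sha256_of "$1")" = "$(cut -d' ' -f1 "$2")" ]
}

# Pinned: the expected digest is a constant committed with the action.
verify_pinned() {      # $1 = script, $2 = pinned digest
    [ "$(sha256_of "$1")" = "$2" ]
}

# Simulate a clean download and one where both fetched files were replaced.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'echo installing tracer\n' > "$dir/install.sh"
    pinned=$(sha256_of "$dir/install.sh")   # stands in for the reviewed, committed digest
    printf 'echo installing tracer; echo tampered\n' > "$dir/mitm.sh"
    printf '%s  install.sh\n' "$(sha256_of "$dir/mitm.sh")" > "$dir/mitm.sha256"

    verify_downloaded "$dir/mitm.sh" "$dir/mitm.sha256" && weak=accepted || weak=rejected
    verify_pinned "$dir/mitm.sh" "$pinned" && pin=accepted || pin=rejected
    verify_pinned "$dir/install.sh" "$pinned" && clean=accepted || clean=rejected
    rm -rf "$dir"
    echo "downloaded-checksum:$weak pinned-tampered:$pin pinned-clean:$clean"
}

demo
```

The trade-off of pinning is that the committed digest has to be updated, and reviewed, every time the installation script legitimately changes.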