Pin GHA hashes - Githubissues

GSA-TTS / tts.gsa.gov

Making the website work for people who make websites work

https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov/echo-summer20203/

Other

4 stars 3 forks source link

Pin GHA hashes #94

Closed wesley-dean-gsa closed 3 weeks ago

wesley-dean-gsa commented 1 month ago

KICS is complaining about the Snyk GHA not being pinned to a specific hash.

wesley-dean-gsa commented 1 month ago

https://github.com/mheap/pin-github-action

wesley-dean-gsa commented 1 month ago

https://github.com/GSA-TTS/tts.gsa.gov/security/code-scanning

wesley-dean-gsa commented 1 month ago

Going through the workflows as of today (Friday, August 2nd), all of the uses: lines in the workflows are pinned to specific hashes. We can close this ticket out now.

(this was originally (and incorrectly) attributed to #95)

debjudy commented 3 weeks ago

Work completed by other PR. No additional PR.