Closed joycebrum closed 5 days ago
Hi! Joyce from Google's Open Source Security Team (GOSST) here. This PR prevents script injection in your GitHub workflows by parsing github.event.pull_request.head.ref into an environment variable before use.
More info on this threat: Keeping your GitHub Actions and workflows secure Part 2: Untrusted input.
Any questions, let me know!
Thanks!
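An added example, not part of this PR or the repository's code: a small checker that flags untrusted context expressions expanded directly inside a `run:` script and accepts the same expression once it is passed through `env:`. The function name, the `HEAD_REF` variable and both sample workflows are constructed for illustration, and the pattern covers a few contributor-controlled fields beyond the `github.event.pull_request.head.ref` named above.

```python
import re

# Expressions whose value an outside contributor controls. The page names
# github.event.pull_request.head.ref; the other entries are added here.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.pull_request\.(?:head\.ref|title|body)"
    r"|github\.head_ref)\s*\}\}"
)
RUN_KEY = re.compile(r"(\s*(?:-\s+)?)run:\s*(.*)$")

def find_injectable_runs(workflow_text):
    """Return [(line_no, expression)] for untrusted expressions expanded
    directly inside a run: script, where they become shell source code."""
    findings, run_col = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines do not end a block scalar
        indent = len(line) - len(line.lstrip())
        if run_col is not None and indent > run_col:
            script = line  # continuation of the current run: script
        else:
            run_col = None
            key = RUN_KEY.match(line)
            if not key:
                continue  # env:, name:, with: ... are not shell source
            run_col, script = len(key.group(1)), key.group(2)
        findings += [(no, m.group(1)) for m in UNTRUSTED.finditer(script)]
    return findings

# Constructed sample workflows (not taken from the PR's repository).
HEADER = "on: pull_request\njobs:\n  check:\n    runs-on: ubuntu-latest\n    steps:\n"
VULNERABLE = HEADER + """\
      - name: Show branch
        run: |
          echo "Branch: ${{ github.event.pull_request.head.ref }}"
"""
HARDENED = HEADER + """\
      - name: Show branch
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "Branch: $HEAD_REF"
"""

if __name__ == "__main__":
    print("before:", find_injectable_runs(VULNERABLE))
    print("after: ", find_injectable_runs(HARDENED))
```

The scan is line-based rather than a full YAML parse, so treat a clean result as a first pass and not as proof that a workflow is safe.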