This is in support of RFC SEC-090 which is due to be implemented by EOQ2 FY24.
Please do the following:
Approve and merge this PR if you are happy with the changes.
Check if there are any untrusted third-party Actions in the workflow files and onboard them to the TSCCR.
The yaml comments "# TSCCR: no entry for repository..." or "# TSCCR: no version of..." in the workflow files identifies an untrusted Action.
If you have to onboard any third-party Actions, update and pin your workflows using the tsccr-helper tool after the Actions have been onboarded OR reach out to #team-prodsec and we can run this automation again.
Verify that your Actions are still working as expected after pinning.
Please reach out to #team-prodsec if you have any questions.
This PR was auto-generated by hashicorp/security-tsccr/actions/runs/6376563530
You can alter the configuration of this automation via the hcl config in hashicorp/security-tsccr/automation
This is in support of RFC SEC-090 which is due to be implemented by EOQ2 FY24.
Please do the following:
Please reach out to #team-prodsec if you have any questions.