Closed bjhargrave closed 6 months ago
We use SHAs instead of tag names to refer to action versions. Dependabot will help us manage the SHAs.
Update permissions to minimum necessary.
Add harden-runner to monitor egress of action. After some time, we can tighten the egress to limit hosts/ports.
We use SHAs instead of tag names to refer to action versions. Dependabot will help us manage the SHAs.
Update permissions to minimum necessary.
Add harden-runner to monitor egress of action. After some time, we can tighten the egress to limit hosts/ports.