search

kexa-io / Kexa

Kexa's simple rules (Open Source) make it easy to monitoring and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, in turns complexity into simplicity.
https://www.kexa.io
Apache License 2.0
102 stars 3 forks source link

[StepSecurity] ci: Harden GitHub Actions #258

Closed step-security-bot closed 2 months ago

step-security-bot commented 2 months ago

Summary

This pull request is created by StepSecurity at the request of @aeppling. Please merge the Pull Request to incorporate the requested changes. Please tag @aeppling on your message if you have any questions related to the PR.

Security Fixes

Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

aeppling commented 1 month ago

:tada: This PR is included in version 1.4.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: