Open achrinza opened 2 years ago
GitHub allows restricting imported GitHub Actions at either the GitHub Repository and/or GitHub Organisation level, with the latter taking precedence.
Currently, there's no org-wide allowlist that's being enforced.
This issue is to track creating that allowlist, so as to enforce use of known-good GitHub Actions.
Blocked by: https://github.com/loopbackio/security/issues/27
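A pre-enforcement audit for the allowlist discussed above, as an added example that is not part of the original issue or the project's code: it lists every `uses:` reference in a set of workflow files that a candidate allowlist would block. The org name, workflow content and allowlist entries are constructed, and the matching (shell-style `*` wildcards, local and same-org actions always permitted) is an assumed approximation of GitHub's "allow select actions" policy.

```python
import re
from fnmatch import fnmatchcase

# Matches step-level ("- uses:") and job-level ("uses:") references.
USES_RE = re.compile(r"""^[ \t]*(?:-[ \t]*)?uses:[ \t]*["']?([^\s"'#]+)""", re.MULTILINE)

def extract_uses(workflow_text):
    """Return every action / reusable-workflow reference in a workflow file."""
    return USES_RE.findall(workflow_text)

def is_allowed(ref, org, patterns):
    """Assumed model of the policy: local and same-org refs pass, the rest need a pattern."""
    if ref.startswith("./"):
        return True                      # action stored in the same repository
    if ref.lower().startswith(org.lower() + "/"):
        return True                      # action or workflow owned by the org itself
    name = ref.split("@", 1)[0]
    for pattern in patterns:
        # A pattern without "@" is compared against the name only (any ref).
        target = ref if "@" in pattern else name
        if fnmatchcase(target.lower(), pattern.lower()):
            return True
    return False

def audit(workflows, org, patterns):
    """Return (path, ref) pairs that the allowlist would block."""
    return [(path, ref)
            for path, text in workflows.items()
            for ref in extract_uses(text)
            if not is_allowed(ref, org, patterns)]

# Constructed sample input: one workflow file and a candidate allowlist.
SAMPLE = {".github/workflows/ci.yml": """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - uses: example-vendor/coverage-upload@v1   # constructed name
      - uses: ./.github/actions/local-setup
  reuse:
    uses: example-org/shared/.github/workflows/build.yml@main
"""}
ALLOW = ["actions/checkout@*", "actions/setup-node@v4"]

if __name__ == "__main__":
    for path, ref in audit(SAMPLE, "example-org", ALLOW):
        print(f"{path}: {ref} is not on the allowlist")
```
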