nginxinc / nginx-supportpkg-for-k8s

NGINX Support Package Tool For Kubernetes
Apache License 2.0
0 stars 2 forks source link

[StepSecurity] Apply security best practices #50

Closed step-security-bot closed 1 month ago

step-security-bot commented 1 month ago

Summary

This pull request is created by StepSecurity at the request of @dareste. Please merge the Pull Request to incorporate the requested changes. Please tag @dareste on your message if you have any questions related to the PR.

Security Fixes

Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io