nodenv / node-build

Install NodeJS versions
MIT License
271 stars 80 forks source link

[StepSecurity] ci: Harden GitHub Actions #914

Closed step-security-bot closed 5 months ago

step-security-bot commented 5 months ago

Summary

This pull request is created by StepSecurity at the request of @jasonkarns. Please merge the Pull Request to incorporate the requested changes. Please tag @jasonkarns on your message if you have any questions related to the PR.

Security Fixes

Harden Runner

Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.

Harden runner usage You can find link to view insights and policy recommendation in the build log Please refer to [documentation](https://docs.stepsecurity.io/harden-runner/how-tos/enable-runtime-security) to find more details.

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io