Use commit SHA instead of branch name for third-party actions

redhat-developer / app-services-api-guidelines

Design guidelines for App Services APIs

https://api.appservices.tech

Apache License 2.0

4 stars 3 forks source link

Use commit SHA instead of branch name for third-party actions #149

Open andreaTP opened 1 year ago

andreaTP commented 1 year ago

Hi! Following the GH Action Security Hardening guide we should use the commit SHA instead of the branch or tag for any third-party untrusted action.