Pin 3rd-party actions to SHA1

redhat-developer / app-services-api-guidelines

Design guidelines for App Services APIs

https://api.appservices.tech

Apache License 2.0

4 stars 3 forks source link

Closed fbricon closed 1 year ago

fbricon commented 1 year ago

Hi!

Following the GH Action Security Hardening guide we should use the commit SHA instead of the branch or tag for any third-party untrusted action.

This PR was submitted by a script.