
Adopt best practices for Actions (SHA pinning, security hardening) #12

Closed
wrslatz opened this issue Oct 31, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@wrslatz

wrslatz commented Oct 31, 2024

Summary

Pulled out from #11 (comment).

We should likely pin Actions used in this repo to specific SHAs with a comment next to them for the version that matches. Dependabot should help keep those updated based on this blog.

I'd also review the security hardening guide for GitHub Actions to ensure we align to best practices.

We may want to validate these changes using OSSF Scorecard.
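The issue asks for two things that can be checked mechanically: every third-party `uses:` reference pinned to a full commit SHA, and a version comment next to each pin so humans (and Dependabot) can see which release it corresponds to. The following script is an added example, not code from this repository or from OSSF Scorecard; it runs a lightweight, regex-based audit in the spirit of Scorecard's pinned-dependencies check over a constructed sample workflow. The workflow text and the 40-hex SHAs in it are placeholders made up for the example, not real commits or real actions.

```python
import re

# Constructed sample workflow (not from the repository in the issue).
# The 40-character hex SHAs are placeholders, not real commit ids.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.2.2
      - uses: actions/setup-node@v4
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - uses: some-org/some-action@fedcba9876543210fedcba9876543210fedcba98
      - name: Build
        run: make
"""

# Matches step-level and job-level "uses:" lines, capturing the reference and
# an optional trailing "# ..." comment (where the version tag should live).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>\S+)(?:\s*#\s*(?P<comment>.*))?\s*$")
# A full-length commit SHA is 40 lowercase hex characters; short SHAs, tags and
# branch names are all considered unpinned, since they can move.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(ref, comment):
    """Classify a single uses reference.

    Returns one of:
      'local'              - ./path actions live in this repo; nothing to pin
      'docker'             - docker:// images; pinning is done via image digest,
                             which this check does not evaluate
      'pinned'             - full commit SHA with a version comment
      'pinned-no-comment'  - full commit SHA but no version comment
      'unpinned'           - tag, branch, short SHA, or no @ at all
    """
    ref = ref.strip("'\"")  # tolerate quoted YAML scalars
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "unpinned"
    _, version = ref.rsplit("@", 1)
    if FULL_SHA_RE.match(version):
        return "pinned" if comment else "pinned-no-comment"
    return "unpinned"


def audit_workflow(text):
    """Return (line_number, ref, classification) for every uses: line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        comment = m.group("comment")
        findings.append((lineno, ref, classify_uses(ref, comment)))
    return findings


def needs_attention(text):
    """Refs a reviewer should fix before merging: unpinned, or pinned without a comment."""
    return [(n, ref) for n, ref, status in audit_workflow(text)
            if status in ("unpinned", "pinned-no-comment")]


if __name__ == "__main__":
    for lineno, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno:>3}: {status:<18} {ref}")
    print("needs attention:", needs_attention(SAMPLE_WORKFLOW))
```

Running this against a real `.github/workflows/*.yml` tree is a matter of reading each file and calling `audit_workflow`. The `pinned-no-comment` category exists because a bare SHA is hard to review and, without the `# vX.Y.Z` comment, Dependabot's `github-actions` ecosystem has nothing to refresh when it bumps the pin. A regex check like this deliberately ignores `docker://` references; those need digest pinning, which is a separate check.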

@erolunal added the "enhancement" and "ready for contribution" labels Oct 31, 2024
@wrslatz
Author

wrslatz commented Oct 31, 2024

SHA pinning was implemented in #11 before merging.

@erolunal removed the "ready for contribution" label Oct 31, 2024
2 participants