Closed
Description
We want our use of GitHub Actions to be as secure as possible. This is a tracking issue for steps we can take to make them more secure. See https://github.com/github/security/issues/3907
- Create a test to lint workflows for correctness and consistency https://github.com/github/help-docs/pull/13181
- Move GitHub Action versions to shas #555
  Use SHAs instead of version numbers for all `uses` values (see https://github.com/github/security/issues/3907#issuecomment-619103152)
- Create an AllowList of known/trusted Action authors https://github.com/github/docs-internal/pull/15850
cc @github/content-platform-engineering
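
The three checklist items above (a workflow lint test, full-SHA pinning of every `uses` value, and an AllowList of Action authors) can be combined in one check. This is an added example, not code from the issue or from the linked pull requests. The `lintWorkflow` function, the `ALLOWED_OWNERS` list, the rule names and the sample workflow with its placeholder SHAs are all assumptions made for illustration.

```javascript
// Added example: lint workflow text for unpinned or untrusted `uses:` values.
// ALLOWED_OWNERS and the sample workflow are constructed for illustration.
const ALLOWED_OWNERS = new Set(['actions', 'github']);
const FULL_SHA = /^[0-9a-f]{40}$/;

function lintWorkflow(text, allowedOwners = ALLOWED_OWNERS) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    // Match `uses: value` or `- uses: value`, with optional quotes and trailing comment.
    const m = line.match(/^\s*(?:-\s+)?uses:\s*['"]?([^'"\s#]+)['"]?\s*(?:#.*)?$/);
    if (!m) return;
    const value = m[1];
    // Local actions (./path) and docker:// images are outside this check.
    if (value.startsWith('./') || value.startsWith('docker://')) return;
    const at = value.lastIndexOf('@');
    const ref = at === -1 ? '' : value.slice(at + 1);
    const owner = (at === -1 ? value : value.slice(0, at)).split('/')[0];
    // A tag or branch can be moved later; only a full commit SHA is immutable.
    if (!FULL_SHA.test(ref)) {
      findings.push({ line: i + 1, value, rule: 'unpinned-ref' });
    }
    if (!allowedOwners.has(owner.toLowerCase())) {
      findings.push({ line: i + 1, value, rule: 'untrusted-owner' });
    }
  });
  return findings;
}

// Constructed sample workflow (SHAs are placeholders, not real commits).
const SAMPLE = `
name: test
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v2
      - uses: actions/setup-node@v1
      - name: third party
        uses: example-org/some-action@89abcdef0123456789abcdef0123456789abcdef
      - uses: ./.github/actions/local
`;

for (const f of lintWorkflow(SAMPLE)) {
  console.log(`line ${f.line}: ${f.rule}: ${f.value}`);
}
```

Run as a test over every file under `.github/workflows/`, a non-empty findings list fails the build. The line scan does not parse YAML, so `uses` values written in unusual multi-line forms would need a real YAML parser.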