Skip to content

Pin used GitHub actions to a specific commit SHA#2377

Merged
Mab879 merged 1 commit into
OpenSCAP:maint-1.3from
jan-cerny:pin_actions_maint-1.3
Jul 6, 2026
Merged

Pin used GitHub actions to a specific commit SHA#2377
Mab879 merged 1 commit into
OpenSCAP:maint-1.3from
jan-cerny:pin_actions_maint-1.3

Conversation

@jan-cerny

Copy link
Copy Markdown
Member

Third-party actions should always be pinned to full SHAs. Tags and branches are mutable references, so a compromised maintainer account or action repository can silently change what our workflow executes on the next run.

Third-party actions should always be pinned to full SHAs. Tags and
branches are mutable references, so a compromised maintainer account or
action repository can silently change what our workflow executes on the
next run.
@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

@Mab879 Mab879 self-assigned this Jul 6, 2026
@Mab879 Mab879 merged commit 2331336 into OpenSCAP:maint-1.3 Jul 6, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants