This repository has been archived by the owner on Jun 13, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[StepSecurity] ci: Harden GitHub Actions (#937)
## Summary This pull request is created by [Secure Repo](https://app.stepsecurity.io/securerepo) at the request of @guidezpl. Please merge the Pull Request to incorporate the requested changes. Please tag @guidezpl on your message if you have any questions related to the PR. You can also engage with the [StepSecurity](https://github.com/step-security) team by tagging @step-security-bot. ## Security Fixes ### Pinned Dependencies GitHub Action tags and Docker tags are mutatble. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit. - [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo). To create such PRs, please visit https://app.stepsecurity.io/securerepo. Signed-off-by: StepSecurity Bot <[email protected]> Signed-off-by: StepSecurity Bot <[email protected]>
- Loading branch information
1 parent
dd7148e
commit 908b276