
This has been in GH's docs on security hardening for a while[0], and I can't recall which tool it was, but I have seen reports that warn when not using SHAs. Pretty sure there was a linter that would even show the warning in my neovim setup that uses some kind of gh action LSP, but it has been a minute.

[0]: https://docs.github.com/en/actions/security-for-github-actio...
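The check the comment above describes (flagging `uses:` references that are not pinned to a full commit SHA) is easy to reproduce locally. The following is an added example, not code from the thread or from any linter mentioned in it; the workflow text and the 40-hex "SHA" inside it are constructed placeholders, not real commits.

```python
import re

# Constructed sample workflow (not from the original thread). The commit
# hash below is a made-up placeholder, not a real actions/setup-node SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4.0.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - run: npm test
"""

# Matches a `uses:` step and captures the reference up to whitespace, quote or comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full 40-hex commit SHA is the only immutable ref for a repository action.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')
# For docker:// actions the immutable equivalent is an image digest.
DOCKER_DIGEST_RE = re.compile(r'@sha256:[0-9a-f]{64}$')


def is_pinned(ref):
    """True if a `uses:` reference is pinned to an immutable identifier."""
    if ref.startswith('docker://'):
        return bool(DOCKER_DIGEST_RE.search(ref))
    if '@' not in ref:
        return False  # bare owner/repo with no ref at all
    _, _, version = ref.rpartition('@')
    return bool(SHA_RE.match(version))


def find_unpinned(workflow_text):
    """Return (line_no, ref) for every non-local `uses:` that is not SHA/digest pinned.

    Local actions (./path) are built from the same checkout and are skipped;
    tags and branches are mutable and are reported, as are untagged images.
    """
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith('./'):
            continue
        if not is_pinned(ref):
            findings.append((n, ref))
    return findings


if __name__ == '__main__':
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f'line {line_no}: unpinned action reference {ref!r}')
```

Running it on the sample reports the `actions/checkout@v4` tag and the `docker://alpine:3.19` image tag, while the SHA-pinned setup-node step and the local action pass. Pointing `find_unpinned` at each file under `.github/workflows/` gives a quick pre-commit or CI gate for the same rule.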



Testing for unpinned actions is supported in CodeQL, in the security-extended suite.



