Protect against malicious usage of GitHub Actions - Use fixed commit hash instead of tag/branch refs #224

Open
Vadorequest opened this issue Dec 16, 2020 · 0 comments
Labels: documentation, enhancement, security

Vadorequest commented Dec 16, 2020

Discussion at #223

  • Fork all Actions used by NRN into our Company repository.
  • ✅ Change all actions to use a fixed SHA instead of tag/branch reference, and use our forks, while documenting where the source action is located for ease of future update & better understanding.
  • Add doc explaining why, to raise devs' awareness about this.

Considered

Resources:

@Vadorequest Vadorequest self-assigned this Dec 16, 2020
@Vadorequest Vadorequest added documentation Improvements or additions to documentation enhancement New feature or request security Software security labels Dec 16, 2020
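
An added example, not part of the issue or of the NRN project's code: a small audit script for the policy in the checklist above. It flags `uses:` references that are not pinned to a full 40-character commit SHA, that do not point at the company's fork organisation, or that lack a comment naming the upstream action. The organisation name `my-company`, the `# Source:` comment convention, the sample workflow and its SHA are assumptions made up for illustration.

```python
import re

# Constructed sample workflow, not taken from the NRN repository. "my-company"
# is a hypothetical fork organisation and the SHA is a made-up placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: my-company/setup-node@main
      # Source: https://github.com/actions/cache
      - uses: my-company/cache@0123456789abcdef0123456789abcdef01234567
      - uses: my-company/deploy@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text, trusted_owner):
    """Return (line_no, reference, problem) for each `uses:` breaking the policy."""
    findings = []
    lines = text.splitlines()
    for no, line in enumerate(lines, start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, version = ref.partition("@")
        # Tags and branches can be moved to another commit; a full SHA cannot.
        if not FULL_SHA_RE.fullmatch(version):
            findings.append((no, ref, "not pinned to a full commit SHA"))
        if action.split("/")[0] != trusted_owner:
            findings.append((no, ref, "not one of our forks"))
        # Assumed convention: a "# Source: <url>" comment on the line above.
        elif no < 2 or not lines[no - 2].strip().startswith("# Source:"):
            findings.append((no, ref, "fork without a documented source"))
    return findings


if __name__ == "__main__":
    for no, ref, problem in audit_workflow(SAMPLE_WORKFLOW, "my-company"):
        print(f"line {no}: {ref}: {problem}")
```

Run over every file in `.github/workflows/` in CI, a non-empty result can fail the build so that a tag or branch reference does not slip back in.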