Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add details on claim verification for protected branches
The Google documentation only suggests verifying the `repository_owner` claim, which is insufficient for most use cases. Adding notes from [this blog post](https://dev.to/suzukishunsuke/secure-github-actions-by-pullrequesttarget-641) to show how to use other claims to protect cloud resources from potentially malicious untrusted code. Signed-off-by: Siddarth Senthilkumar <sidsenkumar11@gmail.com>
- Loading branch information
1 parent
8d44d59
commit 2575758
Showing
1 changed file
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters