dethos on Nostr: "GitHub recommends to pin an Action to a full length commit SHA as it is currently ...
"GitHub recommends to pin an Action to a full length commit SHA as it is currently the only way to use an Action as an immutable release.
Still, only 2% of GitHub repositories fully embrace this security best practice!"
https://pin-gh-actions.kammel.dev/

#security #github #githubactions #supplychain
Published at 2024-06-03 12:15:13

Event JSON
{
"id": "e7ee2d7e10eb6640b8204c80d17a5963691d5f68a434d1fed21a3d6b65fdabe3",
"pubkey": "c1f508d6095df2f21aad0aa196584a9cb74f804fe8e181daf205ecdc9a74b700",
"created_at": 1717416913,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"github"
],
[
"t",
"githubactions"
],
[
"t",
"supplychain"
]
],
"content": "\"GitHub recommends to pin an Action to a full length commit SHA as it is currently the only way to use an Action as an immutable release.\n\nStill, only 2% of GitHub repositories fully embrace this security best practice!\"\n\nhttps://pin-gh-actions.kammel.dev/\n\n#security #github #githubactions #supplychain",
"sig": "3a38114e7258c82ca4422b88116e30c6b78e82ddff24db905ce5d647f1bedb88c0fdc6cc4ee3ead2784726d4349ff79355d16b58e1ed454e779b394fec459419"
}