Show HN: Improve the security of your GitHub Actions in one command (dev.to) 3 points by mheap 6y ago ↗ HN
[–] mheap 6y ago ↗ I recently read https://julienrenaux.fr/2019/12/20/github-actions-security-r... which reminds us that depending on external GitHub Actions is risky as branch and tag refs are mutable> Using GitHub actions with branch names or tags is unsafe. Use commit hash instead.Instead of updating to use a SHA everywhere, I wrote a tool to do it for you, making a note of the original version (e.g. @master).This allows you to run the tool in the future and have the sha updated to the most recent version whilst still pinning to a specific commit.
1 comment
[ 2.9 ms ] story [ 10.8 ms ] thread> Using GitHub actions with branch names or tags is unsafe. Use commit hash instead.
Instead of updating to use a SHA everywhere, I wrote a tool to do it for you, making a note of the original version (e.g. @master).
This allows you to run the tool in the future and have the sha updated to the most recent version whilst still pinning to a specific commit.