[Request] Enable Immutable Releases

Open jkylekelly opened this issue 5 months ago • 1 comments

👋 Hi there!

We're the Package Security team at GitHub. We recently staff shipped immutable releases, a feature designed to improve supply chain security by preventing modifications to published releases.

We noticed that vscode-codeql is actively using GitHub Releases, and wanted to ask if you'd consider enabling immutability for your releases. This can be done with a simple checkbox in your repository's Settings > General > Enable release immutability.

If you have any concerns, blockers, or reasons for not enabling this feature, we'd love to hear about them! Your feedback helps us better understand real-world needs and improve our offerings.

For more details or discussion, please see: https://github.com/github/security-products/discussions/1883

Thanks for helping keep the ecosystem secure!

jkylekelly • Jul 11 '25 16:07

Let's leave this in triage until the SecExp FR shift that begins on August 11th. We will aim to have the FR for that shift make this change.

sidshank • Jul 23 '25 19:07