
GitHub actions need to be pinned to a SHA1

Open Stebalien opened this issue 3 years ago • 2 comments

https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions

Stebalien, Mar 26 '21 23:03

We should do this for all the Actions we pull from third parties. But for the actions we maintain we should use master or a release branch because managing the updates across so many repos will be too painful.

mikeal, Mar 27 '21 00:03

(triage session) We want to come up with a way to track where this rule is implemented or violated.

laurentsenta, Jun 17 '22 13:06
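
One way to track where this rule is followed or violated, as an added example that is not part of the issue thread or the project's tooling: a Python check that lists every `uses:` reference in a workflow and flags third-party ones not pinned to a full 40-character commit SHA, while tolerating branch refs for owners treated as first-party. The owner name `example-org`, the sample workflow and the placeholder SHA are constructed for illustration.

```python
import re
from pathlib import Path
# `uses: owner/repo[/path]@ref` on a step or a reusable-workflow call.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")

def audit_workflow(text, first_party_owners=frozenset()):
    """Return (line_no, reference, status) for each remote `uses:` reference."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and container images are outside this check's scope.
        if ref.startswith(("./", "docker://")):
            continue
        target, _, version = ref.partition("@")
        owner = target.split("/", 1)[0].lower()
        if FULL_SHA_RE.match(version):
            status = "pinned"
        elif owner in first_party_owners:  # owners given in lower case
            status = "first-party"  # branch refs tolerated for actions we maintain
        else:
            status = "VIOLATION"
        results.append((line_no, ref, status))
    return results

def audit_repo(root, first_party_owners=frozenset()):
    """Audit every workflow file under <root>/.github/workflows."""
    files = sorted(Path(root).glob(".github/workflows/*.y*ml"))
    return {str(f): audit_workflow(f.read_text(encoding="utf-8"), first_party_owners)
            for f in files}

# Constructed sample workflow; the org name and the SHA are placeholders.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: some-vendor/some-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/shared-action@master
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for line_no, ref, status in audit_workflow(SAMPLE, {"example-org"}):
        print(f"line {line_no}: {status:11} {ref}")
```

Running `audit_repo` over each checked-out repository and collecting the `VIOLATION` rows gives a per-repo list that can be reviewed in triage.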