github-actions-ensure-sha-pinned-actions icon indicating copy to clipboard operation
github-actions-ensure-sha-pinned-actions copied to clipboard

Published 20 hours ago verified publisher icon zgosalvez

[Improvement] Check dependencies recursively

Open michael-sicpa opened this issue 2 years ago • 1 comments

Hi, Thank you for this github action, it is very useful.

At the moment, if I'm not mistaken, it only check the .github folder, but if we have some actions that use another action, which use an untrusted action, then it will not be checked, so it will not fail. What do you think about having something recursive?

Best, Michael

michael-sicpa avatar Feb 15 '22 12:02 michael-sicpa

Possibly related:

  • https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/117

MPV avatar Oct 11 '23 09:10 MPV