Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin and upgrade all immutable-eligible actions to their semantic versions #181

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Pin and upgrade all immutable-eligible actions to their semantic versions #181

wants to merge 1 commit into from
+1 −1

Conversation

mrecachinas
Copy link
Member

@mrecachinas mrecachinas commented Nov 15, 2024
edited
Loading

Hello from Product Security! 👋

We noticed that at least one of your Actions workflows is using one or more eligible immutable actions without semantic versioning. This PR will update the workflow to use the latest version of the action, using semantic versioning to opt into immutable actions.

Why is this important?

Using an immutable action without indicating proper semantic version will result in the version being resolved to a tag that is mutable. This means the action code can between runs and without your knowledge.

Using an immutable action with proper semantic versioning will resolve to the exact version of the action stored in the GitHub package registry. The action code will not change between runs. This is a key security control to ensure the code you are running is the code you expect.

Thanks and happy coding! 🎉

@mrecachinas mrecachinas requested a review from a team as a code owner November 15, 2024 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mrecachinas