A free solution to the GitHub Actions supply chain crisis
Came up with a makeshift way to pin GitHub Actions by commit SHA without losing Dependabot security alerts, or having to pay or sign up to something else: create internal wrappers for your external actions, pin by commit hash, then create another workflow where you add all those external actions pin
ORIGINAL SOURCE → via Reddit r/cybersecurity
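The repository layout the post describes, as an added example rather than the poster's own files. Paths, action names, the wrapped action (`actions/setup-node`) and the all-zero commit SHAs with their `vX.y.z` version comments are placeholders; in a real repository each SHA is the full 40-character commit hash of the release you audited, and the trailing version comment is what lets Dependabot recognise and bump a SHA-pinned reference.

```yaml
# .github/actions/setup-node/action.yml
# Internal wrapper: the only place in the repo where the external action is named.
name: "Internal setup-node wrapper"
description: "Pins actions/setup-node by commit SHA; workflows reference this wrapper, not the upstream action"
inputs:
  node-version:
    description: "Node.js version to install"
    required: false
    default: "20"
runs:
  using: "composite"
  steps:
    # Placeholder SHA: replace with the audited upstream commit, keep the version comment.
    - uses: actions/setup-node@0000000000000000000000000000000000000000 # vX.y.z
      with:
        node-version: ${{ inputs.node-version }}

---
# .github/workflows/ci.yml
# Normal workflow: uses the local wrapper, so a pin change is a one-line edit in one file.
name: CI
on: [push, pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Checkout cannot itself be a local wrapper (the repo is not on disk yet), so it is pinned here.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # vX.y.z
      - uses: ./.github/actions/setup-node
        with:
          node-version: "20"
      - run: npm ci && npm test

---
# .github/workflows/external-pins.yml
# Registry workflow: never meant to execute. It exists only so that Dependabot, which scans
# .github/workflows/, sees every external action the wrappers pin and can raise updates for them.
name: External action pins
on:
  workflow_dispatch:
jobs:
  pins:
    if: ${{ false }}   # job is skipped unconditionally; the file is parsed, not run
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # vX.y.z
      - uses: actions/setup-node@0000000000000000000000000000000000000000 # vX.y.z

---
# .github/dependabot.yml
# Scans .github/workflows/ for github-actions references, including the registry workflow above.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

The SHA in a wrapper and the matching line in the registry workflow must be kept identical: Dependabot opens its update against the registry file, and the wrapper is updated by hand (or by a small script) from that pull request. A review gate that rejects any `uses:` line referencing a tag or branch instead of a 40-hex-character SHA, in both `.github/workflows/` and `.github/actions/`, catches the case where someone edits a wrapper and forgets the registry, or bypasses the wrapper altogether.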