Skip to content

ci: pin GitHub Actions to full commit SHAs#9586

Open
XananasX7 wants to merge 1 commit into
puppetlabs:mainfrom
XananasX7:fix/pin-actions-1782619962
Open

ci: pin GitHub Actions to full commit SHAs#9586
XananasX7 wants to merge 1 commit into
puppetlabs:mainfrom
XananasX7:fix/pin-actions-1782619962

Conversation

@XananasX7

Copy link
Copy Markdown

Pin unpinned GitHub Actions to immutable commit SHAs. Defense against supply-chain attacks via mutable tags. Version tags retained as inline comments. See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Pin unpinned action references to immutable commit SHAs.
Version tags retained as inline comments.

See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
@XananasX7 XananasX7 requested a review from a team as a code owner June 28, 2026 04:13
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


KiloClaw Security seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants