GH-200 - Secure and optimize automation - Section 5.4

Pin third-party actions to full commit SHAs, enforce action usage policies and verify artifact attestations and provenance.

Pin third-party actions to a full commit SHA rather than a mutable tag to prevent supply-chain substitution attacks. Verify artifact attestations and provenance records and enforce action usage policies across the organisation.
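The check below is an added example, not part of the Examworthy material or of any GitHub tooling. It scans a workflow (a constructed sample embedded inline) for `uses:` references that are still on a mutable tag or branch rather than a full 40-hex commit SHA, which is the kind of control an organisation can run in CI to enforce its pinning policy. The pinned SHA in the sample is a constructed placeholder; local actions under `./` are exempted because they ship with the repository.

```shell
#!/bin/sh
# Added example (not from Examworthy or GitHub): report third-party actions
# that are not pinned to a full commit SHA.

# Constructed sample workflow. The 40-hex SHA below is a placeholder, not a
# real commit of actions/setup-node.
SAMPLE_WORKFLOW='name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4                                                # mutable tag: flagged
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4 pinned to SHA
      - uses: ./.github/actions/local-step                                      # local action: exempt
      - run: npm test'

# is_pinned REF: exit 0 when REF ends in "@<40 hex chars>", else exit 1.
is_pinned() {
    printf '%s\n' "$1" | grep -q -E '@[0-9a-f]{40}$'
}

# unpinned_uses WORKFLOW_TEXT: print every `- uses:` target that is neither a
# local action (./...) nor pinned to a full commit SHA, one per line.
# Exit status is 0 when at least one unpinned action was found, 1 otherwise.
unpinned_uses() {
    printf '%s\n' "$1" \
    | sed -n 's/^[[:space:]]*-[[:space:]]*uses:[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
    | grep -v '^\./' \
    | grep -v -E '@[0-9a-f]{40}$'
}

# Usage: list offenders and fail the job if any exist.
if offenders=$(unpinned_uses "$SAMPLE_WORKFLOW"); then
    echo "actions not pinned to a full commit SHA:"
    echo "$offenders"
    # exit 1   # uncomment to fail a CI job on policy violation
fi
```

Keep the version as a trailing comment next to the SHA (as in the sample) so tooling such as Dependabot can still tell which release the SHA corresponds to; the check above ignores the comment, so it only ever trusts the immutable reference.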

Tags: pin to commit SHA, action usage policy, artifact attestation, provenance


Examworthy is not affiliated with or endorsed by GitHub. Original, blueprint-aligned practice material only.