Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read GitHub Action' "security hardening" guide and act on it #26

Open
paulo-ferraz-oliveira opened this issue Sep 16, 2024 · 3 comments
Open

Read GitHub Action' "security hardening" guide and act on it #26

paulo-ferraz-oliveira opened this issue Sep 16, 2024 · 3 comments
Labels
security consideration Security consideration

Comments

@paulo-ferraz-oliveira
Copy link
Collaborator

Is your feature request related to a problem?

Potential problems, yes...

Describe the feature you'd like

Give https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions a good read an act on it; otherwise create issues in this repo. to have actions to improve in the future.

Describe alternatives you've considered

None.

Additional context

Not available.
@paulo-ferraz-oliveira paulo-ferraz-oliveira added the security consideration Security consideration label Sep 16, 2024
@paulo-ferraz-oliveira
Copy link
Collaborator Author

And also: https://cycode.com/blog/github-actions-vulnerabilities/

@paulo-ferraz-oliveira
Copy link
Collaborator Author

Look at what I did before and duplicate as much as possible: jelly-beam/otp-macos#10 (comment)

@maennchen
Copy link
Member

Also consider the OpenSSF guidances:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security consideration Security consideration
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maennchen @paulo-ferraz-oliveira