Skip to content

[SECENG-364] Pin GitHub Actions to commit SHAs#5

Merged
Ben Vinson (bvinson-hover) merged 1 commit intomainfrom
security/pin-actions-to-sha
Apr 23, 2026
Merged

[SECENG-364] Pin GitHub Actions to commit SHAs#5
Ben Vinson (bvinson-hover) merged 1 commit intomainfrom
security/pin-actions-to-sha

Conversation

@sginovker
Copy link
Copy Markdown

@sginovker Stephanie Ginovker (sginovker) commented Apr 22, 2026

Ticket

SECENG-364

Summary

Pin all GitHub Actions to commit SHAs for supply chain security. Branch-pinned actions (@main / @master) are upgraded to the repo's latest release tag.

Pinned Actions

  • related-sciences/gce-github-runner@v0.14008d5e13

@sginovker Stephanie Ginovker (sginovker) marked this pull request as ready for review April 22, 2026 23:28
@sginovker Stephanie Ginovker (sginovker) requested a review from a team April 23, 2026 00:28
Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SHA checks out, so the change is good.

@bvinson-hover Ben Vinson (bvinson-hover) deleted the security/pin-actions-to-sha branch April 23, 2026 16:05
@bvinson-hover
Copy link
Copy Markdown

All pinned GitHub Actions SHAs verified against latest releases — everything checks out. benvinson will be approving this PR shortly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants