Skip to content

[SECENG-364] Pin GitHub Actions to commit SHAs#5

Merged
Ben Vinson (bvinson-hover) merged 1 commit intomainfrom
security/pin-actions-to-sha
Apr 23, 2026
Merged

[SECENG-364] Pin GitHub Actions to commit SHAs#5
Ben Vinson (bvinson-hover) merged 1 commit intomainfrom
security/pin-actions-to-sha

Conversation

@sginovker
Copy link
Copy Markdown

@sginovker Stephanie Ginovker (sginovker) commented Apr 22, 2026
edited by atlassian Bot
Loading

Ticket

SECENG-364

Summary

Pin all GitHub Actions to commit SHAs for supply chain security. Branch-pinned actions (@main / @master) are upgraded to the repo's latest release tag.

Pinned Actions

  • related-sciences/gce-github-runner@v0.14008d5e13

@sginovker Stephanie Ginovker (sginovker) marked this pull request as ready for review April 22, 2026 23:28
@sginovker Stephanie Ginovker (sginovker) requested a review from a team April 23, 2026 00:28
bvinson-hover
Ben Vinson (bvinson-hover) approved these changes Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

@bvinson-hover Ben Vinson (bvinson-hover) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SHA checks out, so the change is good.

@bvinson-hover Ben Vinson (bvinson-hover) deleted the security/pin-actions-to-sha branch April 23, 2026 16:05
@bvinson-hover
Copy link
Copy Markdown

Ben Vinson (bvinson-hover) commented Apr 23, 2026

All pinned GitHub Actions SHAs verified against latest releases — everything checks out. benvinson will be approving this PR shortly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bvinson-hover Ben Vinson (bvinson-hover) bvinson-hover approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sginovker @bvinson-hover