Improve GitHub Actions Security #1722
1. Default permission restrictions
2. Action version pinning
3. Timeout limits
4. Python dependency version pinning in scripts
5. Adding basic CODEOWNERS
6. More error handling
7. Concurrency controls (same action cannot be running in parallel)
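The items in that list correspond to specific keys in a workflow file. The following is an added example of a workflow hardened along those lines; it is not the project's own workflow and not a file from this PR. The workflow name, the job contents, the Python and package versions, and the all-zero commit SHAs are assumed placeholders. Item 5 (CODEOWNERS) is a separate file under `.github/` and is not shown here.

```yaml
# Added example, not the project's workflow. Names, versions and SHAs are
# placeholders chosen for illustration.
name: ci-hardened-example

on:
  pull_request:

# 1. Default permission restrictions: the GITHUB_TOKEN starts read-only for the
#    whole workflow; a job that needs more must request it at the job level.
permissions:
  contents: read

# 7. Concurrency controls: one run per workflow-and-ref; a newer push cancels
#    the older run instead of letting two copies execute in parallel.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  test:
    runs-on: ubuntu-latest
    # 3. Timeout limits: a hung or runaway job cannot hold a runner (and a
    #    token) indefinitely.
    timeout-minutes: 15
    steps:
      # 2. Action version pinning: reference an immutable full-length commit
      #    SHA rather than a mutable tag such as @v4. The SHAs below are
      #    placeholders; resolve the real SHA for the tag you audited and keep
      #    the tag in a trailing comment so reviewers can read it.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder SHA)

      - uses: actions/setup-python@0000000000000000000000000000000000000000 # v5 (placeholder SHA)
        with:
          python-version: "3.12"

      # 4. Dependency version pinning: exact versions so a new upstream release
      #    cannot silently change what runs in CI (placeholder package/version).
      # 6. Error handling: stop on the first failing command, on an unset
      #    variable, and on a failure hidden inside a pipeline.
      - name: Install pinned dependencies and run checks
        shell: bash
        run: |
          set -euo pipefail
          python -m pip install "pyyaml==6.0.1"
          python -c "import yaml; print(yaml.__version__)"
```

The workflow-level `permissions` block is the part that most limits blast radius: with `contents: read` a compromised third-party action or a malicious PR that reaches the job cannot push commits, create releases or write to packages using the default token. Pinning by SHA complements it by preventing an action's tag from being moved to different code after review.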
Note: The comments mention CODEOWNERS, but I can't see it among the changes.
Force-pushed the …prove-github-workflow-security branch from d0f09f7 to 3d62caf.
This covers all the points we discussed.
Thank you for the good work, @alexnorell, @bigbitbus!
Adding some improvements to GH workflows.
Description
We want to improve the GH workflows security.
Type of change
Please delete options that are not relevant.
How has this change been tested, please provide a testcase or example of how you tested the change?
Testing in progress...this comment will be updated
Any specific deployment considerations
For example, documentation changes, usability, usage/costs, secrets, etc.
Docs