Commit Graph
3 Commits
Author SHA1 Message Date
StepSecurity BotandGitHub cfe040485b [StepSecurity] Apply security best practices (#5830) 2026-03-01 17:16:03 +00:00
StepSecurity BotandGitHub 6496015af7 [StepSecurity] ci: Harden GitHub Actions (#3901)
## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@Ludy87. Please merge the Pull Request to incorporate the requested
changes. Please tag @Ludy87 on your message if you have any questions
related to the PR.
## Security Fixes

### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)


## Feedback
For bug reports, feature requests, and general feedback; please email
[email protected]. To create such PRs, please visit
https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <[email protected]>

Signed-off-by: StepSecurity Bot <[email protected]>
2025-07-07 22:21:58 +01:00
StepSecurity Bot dc5b214932 [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <[email protected]>
2024-12-21 12:28:35 +00:00