evntdrvn, 67 days ago, on: Tj-actions/changed-files GitHub Action Compromised...
it is documented as recommended here fwiw:
https://docs.github.com/en/actions/security-for-github-actio...
sundarurfriend, 67 days ago
And the syntax to do that is to use `foo/bar@commitshagoeshere` as in

    - uses: RafaelGSS/bad-action@e20fd1d81b3f403df56f5f06e2aa9653a6a60763 # v1.0.1

(example from https://blog.rafaelgss.dev/why-you-should-pin-actions-by-com... )
0rzech, 67 days ago
This. Using tags is acceptable only for official GitHub actions, anything else should be pinned.
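
A way to check workflows against the pinning rule discussed in this thread, as an added example that is not part of any comment above: this Python script flags `uses:` references that are not pinned to a full 40-character commit SHA. The `example-org` entries in the sample workflow are constructed, and treating the `actions` and `github` owners as the official ones that may use tags is an assumption.

```python
import re

# A step's `uses:` value, with an optional leading "- " and optional quotes.
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
# Assumption: "official GitHub actions" means these two owners.
TRUSTED_OWNERS = frozenset({"actions", "github"})

# Constructed sample workflow; only the bad-action line comes from the thread.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: RafaelGSS/bad-action@e20fd1d81b3f403df56f5f06e2aa9653a6a60763 # v1.0.1
      - uses: example-org/some-action@v2
      - uses: example-org/other-action@e20fd1d
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""


def audit_workflow(text, trusted_owners=TRUSTED_OWNERS):
    """Return (line_number, reference, reason) for each mutable action ref."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local paths and container images are not fetched by git ref.
        if ref.startswith(("./", "docker://")):
            continue
        target, sep, version = ref.partition("@")
        if FULL_SHA_RE.match(version):
            continue  # pinned to an immutable commit
        if target.split("/", 1)[0].lower() in trusted_owners:
            continue  # tag tolerated for trusted owners (assumption above)
        if re.fullmatch(r"[0-9a-fA-F]{7,39}", version):
            reason = "abbreviated SHA, not a full 40-character commit SHA"
        else:
            reason = "tag or branch can be moved to different code"
        findings.append((lineno, ref, reason))
    return findings


if __name__ == "__main__":
    for lineno, ref, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {reason}")
```

Passing `trusted_owners=frozenset()` applies the stricter policy of requiring a full SHA for every action, including those under `actions/`.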