Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Improve the security of your GitHub Actions in one command (dev.to)
3 points by mheap 8 days ago | hide | past | web | favorite | 1 comment

I recently read https://julienrenaux.fr/2019/12/20/github-actions-security-r... which reminds us that depending on external GitHub Actions is risky as branch and tag refs are mutable

> Using GitHub actions with branch names or tags is unsafe. Use commit hash instead.

Instead of updating to use a SHA everywhere, I wrote a tool to do it for you, making a note of the original version (e.g. @master).

This allows you to run the tool in the future and have the sha updated to the most recent version whilst still pinning to a specific commit.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact