DEV Community

Yuri-Ryabkov

Posted on Jun 6, 2020

1

Secure your Github Workflow

#github #git #devops

TL;DR

Specify commit SHA when setting workflow with Github Actions.

body

GitHub Actions on GitHub Marketplace is not security checked even official one, therefore developers who write workflow should make sure action safe and describe its commit version SHA from a security perspective.

Otherwise tokens you provided malicious action might be used for mining virtual currency. If you have described actions on yaml according to official description, check that is not specified with tag or branch.

Top comments (0)

Subscribe

Your AI Code Assistant

Automate your code reviews. Catch bugs before your coworkers. Fix security issues in your code. Built to handle large projects, Amazon Q Developer works alongside you from idea to production code.

Get started free in your IDE

Yuri-Ryabkov

bio bio

Joined

Jun 6, 2020

Tips keep commit grpah clean when merge in Gitlab

#git

Guide to Soft Deletes in Laravel and Postgres
Learn how to implement and optimize soft deletes in Laravel for improved data management and integrity.
See Article →

Guide to Fine-Grained Authorization in Laravel with Postgres
Learn how to set up and utilize Laravel's powerful authorization features.
See Article →

TL;DR

body

Your AI Code Assistant

Okay