Limit GitHub Actions to Verified or Trusted Actions
tip
This check is currently under development and not yet implemented.
Description
Ensure GitHub Actions are limited to verified or explicitly trusted actions
Details
- Default Category: github workflows
- Default Priority Group: P10
- C-SCRM: true
- Mitre: CWE-1357
- Mitre: CAPEC-17
- Mitre: CAPEC-538
- Mitre: CAPEC-446
- Sources: OpenSSF SCM Best Practices
- How To: GitHub Docs