Limit GitHub Actions to Verified or Trusted Actions
tip
This check is currently under development and not yet implemented. Click here to learn how you can help.
Use Case
- Incubating: expected
- Active: expected
- Retiring: n/a
Description
GitHub Actions Should Be Limited To Verified or Explicitly Trusted Actions
Details
- C-SCRM: true
- Priority Group: P10
- Mitre: CWE-1357
- Sources: OpenSSF SCM Best Practices
- How To: Github Docs