chore: pin all github actions to their shasum #983
christian-heusel wants to merge 1 commit into kubeflow:notebooks-v1 from
Conversation
/ok-to-test
andyatmiami
left a comment
1 nit, 1 issue that definitely needs to be resolved; everything else looks great (and it was pre-existing land mines that were the only reason your script got tripped up)
thanks!
will lgtm + approve once you have time to push fixes
This way we're not so easy to be targeted by supply chain attacks such as the trivy incident that motivated this initially.
The changes were generated via a script that I wrote to do this, see the second link below.
Link: https://www.openwall.com/lists/oss-security/2026/03/21/1
Link: https://github.com/christian-heusel/dotfiles/blob/main/misc/scripts/pin-github-actions.sh
Co-authored-by: Andy Stoneberg <andyatmiami@users.noreply.github.com>
Signed-off-by: Christian Heusel <christian@heusel.eu>
582a39c to 245652b
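To make the pinning step in the commit message concrete, here is an added example; it is not the PR's diff and not the author's pin-github-actions.sh. It resolves every `uses: owner/repo@TAG` in a workflow to the commit the tag points at right now, writes the tag back as a trailing comment so the pin stays readable, and, for lines that are already pinned, warns when the tag in the comment no longer resolves to the pinned commit, which is the tag-moved situation a SHA pin is meant to survive. `REMOTE_BASE`, `resolve_ref` and `pin_workflow` are names chosen for this example; the default remote is assumed to be https://github.com, and pointing `REMOTE_BASE` at a directory of local bare repos lets it run offline.

```shell
#!/bin/sh
# Added example, not the PR author's script: pin `uses:` references in a
# GitHub Actions workflow to the commit SHA their tag currently resolves to.
# Assumption: an action owner/repo is fetched from REMOTE_BASE/owner/repo
# (default https://github.com). Set REMOTE_BASE to a directory of local bare
# repositories to run without network access.
set -eu

REMOTE_BASE="${REMOTE_BASE:-https://github.com}"

# resolve_ref OWNER/REPO TAG -> prints the commit SHA for TAG, or fails.
# ls-remote lists an annotated tag twice: the tag object and a peeled
# "TAG^{}" line naming the commit. Actions checks out the commit, so that
# is the SHA worth pinning; a lightweight tag has only the plain line.
resolve_ref() {
  refs=$(git ls-remote --tags "$REMOTE_BASE/$1") || return 1
  sha=$(printf '%s\n' "$refs" | awk -v t="refs/tags/$2" '
    $2 == t "^{}" { peeled = $1 }
    $2 == t       { plain  = $1 }
    END { if (peeled != "") print peeled; else if (plain != "") print plain }')
  [ -n "$sha" ] || return 1
  printf '%s\n' "$sha"
}

# pin_workflow FILE -> prints FILE with "owner/repo@TAG" rewritten to
# "owner/repo@SHA # TAG" (any existing trailing comment is replaced by the
# tag). Local (./) and docker:// actions are left alone. Lines already pinned
# to a 40-hex SHA are kept, but if their "# TAG" comment now resolves to a
# different commit the tag has moved and a warning goes to stderr.
pin_workflow() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      *"uses: "*@*) ;;
      *) printf '%s\n' "$line"; continue ;;
    esac
    prefix=${line%%uses: *}"uses: "      # indentation plus the key
    rest=${line#*uses: }                 # owner/repo[/path]@ref [# comment]
    target=${rest%%@*}                   # owner/repo[/path]
    ref=${rest#*@}; ref=${ref%%[[:space:]]*}
    comment=${rest#"$target@$ref"}       # " # v4" or empty
    repo=$(printf '%s' "$target" | cut -d/ -f1,2)
    case "$target" in
      ./*|docker://*) printf '%s\n' "$line"; continue ;;
    esac
    if printf '%s' "$ref" | grep -Eq '^[0-9a-f]{40}$'; then
      tag=$(printf '%s' "$comment" | sed 's/^[[:space:]]*#[[:space:]]*//; s/[[:space:]].*//')
      if [ -n "$tag" ]; then
        cur=$(resolve_ref "$repo" "$tag" 2>/dev/null || echo unresolved)
        [ "$cur" = "$ref" ] ||
          echo "warning: $repo tag $tag no longer points at pinned $ref (now $cur)" >&2
      fi
      printf '%s\n' "$line"; continue
    fi
    if sha=$(resolve_ref "$repo" "$ref"); then
      printf '%s%s@%s # %s\n' "$prefix" "$target" "$sha" "$ref"
    else
      echo "warning: cannot resolve $repo@$ref, left unpinned" >&2
      printf '%s\n' "$line"
    fi
  done < "$1"
}

# Usage: sh pin.sh .github/workflows/ci.yml > ci.pinned.yml
if [ "$#" -gt 0 ]; then
  for f in "$@"; do pin_workflow "$f"; done
fi
```

The peeled-tag handling matters in practice: pinning the SHA of an annotated tag object instead of the commit it points to produces a reference Actions cannot check out. Re-running the script over an already pinned workflow is the cheap drift check; a moved tag shows up as a warning rather than silently changing what runs.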
andyatmiami
left a comment
/lgtm
/approve
thanks again @christian-heusel for being so responsive here to improve our security posture 💯
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: andyatmiami
The full list of commands accepted by this bot can be found here.
Details
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing