Security: pin claude.yml and claude-code-review.yml actions to SHA #93

Description

@TexasCoding

From Wave 5 security audit, finding F-O-02. Severity: medium.

Threat model

`claude.yml` runs on `issue_comment` / `pull_request_review_comment` events with broad permissions:
```yaml
permissions:
  contents: write
  pull-requests: write
  issues: write
  id-token: write
```
and uses mutable major-version tags:

  • `actions/checkout@v4` (`claude.yml:25-26`)
  • `anthropics/claude-code-action@v1` (`claude.yml:33`)

`claude-code-review.yml` follows the same pattern. The workflow also consumes the `CLAUDE_CODE_OAUTH_TOKEN` secret. A retag attack on either action would weaponize a workflow that has full issue/PR/contents write plus an OAuth token in env.

`spec-sync.yml:22-24` explicitly comments why it SHA-pins third-party actions — the Claude workflows have equivalent or larger blast radius and should follow suit.

Fix

SHA-pin both actions in `claude.yml` and `claude-code-review.yml` (matching the `spec-sync.yml` precedent). Add a maintainer note (renovate config, or a paragraph in `docs/RELEASING.md`) for the SHA-bump cadence.

This is the same fix shape used in PR #62 (#16 weekly spec sync CI), where the SHA-pinning rationale is documented inline.
