doc/source/how-to/repository-protection.rst
2 additions & 1 deletion
@@ -147,4 +147,5 @@ are mutable in the sense that an attacker who gains access to a project, or even
147
147
updating a tag, could introduce breaking changes or malicious code without you noticing. Pinning to a
148
148
commit SHA eliminates that risk by locking the dependency to a known version. On top of that, since the
149
149
action's code cannot change silently in the background, it guarantees that every workflow run uses the
150
-
exact same version of the action.
150
+
exact same version of the action. For more details and additional best practices, you can consult the
151
+
`official GitHub documentation on securely using third-party actions <https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions>`_.
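Review bot: the sentence added at new lines 150-151 points at a deep anchor (`#using-third-party-actions`) on docs.github.com, which will stop resolving without any error if GitHub renames or moves that section; linking to the page itself, or making sure the docs build checks external links, would keep the reference from rotting. The wording could also be tightened from "you can consult the" to "see the". Since this paragraph is being touched anyway, the context at line 148 says only "commit SHA", while the linked GitHub guidance asks for a full-length commit SHA; saying "full-length commit SHA" here would keep the how-to consistent with the document it now cites.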