This repository has been archived by the owner on Jan 5, 2025. It is now read-only.
Use GitHub actions build steps from verified authors for improved security #36
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The GitHub Actions workflows we have are currently using automation steps from unknown/non-verified authors, which can potentially inject malicious code into our image, or perform malicious behavior during build.
To improve this we should use verified build steps, like this one:
https://github.com/marketplace/actions/build-and-push-docker-images
The text was updated successfully, but these errors were encountered: