Define Policy on third-party GitHub Actions #3141

Open
louwers opened this issue Jan 13, 2025 · 1 comment
Labels: github_actions (Pull requests that update GitHub Actions code), security

Comments

louwers (Collaborator) commented Jan 13, 2025

Comment from @ianthetechie:

> Do we have a policy or general consensus on third-party GitHub Actions?

I don't think we do.

Since GitHub Actions execute code from third parties on CI, we should be a bit careful with them, especially in release workflows. Although I don't think they have access to secrets?

josxha (Contributor) commented Jan 13, 2025

This topic could be expanded to a dependencies policy in general? Third-party GitHub Actions can then be treated as dependencies as well.
