Pin actions to a full length commit SHA
Closed this issue · 0 comments
marcwrobel commented
In its documentation, https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions, GitHub recommends to pin GitHub actions to a full length commit SHA.
One nice side effect is that there will be more activity to the repository. So this helps preventing scheduled GitHub Actions from becoming disabled when there is no activity for X consecutive days.