Skip to content

Commit a0ddf14

Browse files
author
Jimisola Laursen
committed
build: SHA-pin GitHub Actions for supply-chain security
Pin external action references to exact commit SHAs instead of branch or major-version tags to prevent supply-chain attacks. Signed-off-by: jimisola <jimisola@jimisola.com>
1 parent dd4a737 commit a0ddf14

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/check-semantic-pr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,4 +7,4 @@ on:
77

88
jobs:
99
check:
10-
uses: reqstool/.github/.github/workflows/check-semantic-pr.yml@main
10+
uses: reqstool/.github/.github/workflows/check-semantic-pr.yml@33502e31f66fb7e982f48f50e3c6c29b0410a017 # main 2026-03-07

0 commit comments

Comments
 (0)