Preventing GitHub Actions from triggering on specific branches #1589
Unanswered
KarimReda-CS
asked this question in
Q&A
Replies: 0 comments
So I have been working with GitHub Actions for some time and I found a very interesting security concern. Let's assume I am working in a company where only employees in the company have access to the repositories. Is there a feature that disallows GitHub Actions from being triggered on repositories other than the master one?
Because from where I stand, if there is no such feature, a junior developer can create a draft branch (which senior developers normally don't look into), create a GitHub action that triggers on push on that branch, and then do whatever he wants with this GA, even things such as viewing the secrets, etc.
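A review aid for the scenario raised in the question, as an added example that is not part of the original post: run against a local clone, it lists the workflow files each non-default branch has added, modified or deleted since it forked from the default branch, so that branches nobody normally reads still get their workflow changes looked at. The function names, the `master` default and the `refs/heads` prefix are assumptions; pass `refs/remotes/origin` to audit fetched remote branches.

```python
import os
import subprocess

WORKFLOW_DIR = ".github/workflows"  # where GitHub Actions workflow files live


def git(repo, *args, check=True):
    """Run git inside `repo`; return (exit code, stdout)."""
    p = subprocess.run(["git", "-C", repo, *args], check=check,
                       capture_output=True, text=True)
    return p.returncode, p.stdout


def workflow_drift(repo, default_branch="master", ref_prefix="refs/heads"):
    """Map each non-default branch to the workflow files it adds (A),
    modifies (M) or deletes (D) since it forked from the default branch."""
    base = f"{ref_prefix}/{default_branch}"
    _, refs = git(repo, "for-each-ref", "--format=%(refname)", ref_prefix)
    drift = {}
    for ref in refs.split():
        if ref == base or ref.endswith("/HEAD"):
            continue
        # Diff from the fork point, so later workflow changes on the default
        # branch are not attributed to this branch.
        rc, fork = git(repo, "merge-base", base, ref, check=False)
        if rc != 0:
            # Orphan branch (no shared history): compare against the empty
            # tree, which reports every workflow file on it as added.
            _, fork = git(repo, "hash-object", "-t", "tree", os.devnull)
        _, out = git(repo, "diff", "--name-status", "--no-renames",
                     fork.strip(), ref, "--", WORKFLOW_DIR)
        changes = [tuple(line.split("\t", 1)) for line in out.splitlines() if line]
        if changes:
            drift[ref[len(ref_prefix) + 1:]] = changes
    return drift


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for branch, changes in sorted(workflow_drift(target).items()):
        for status, path in changes:
            print(f"{branch}\t{status}\t{path}")
```
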