Compliance Category: Action SHA Pinning (3 findings)
Category: action-sha-pinning
Severity: error
Affected repos: .github-private (1 repo)
Summary
Three workflow files in .github-private use unpinned GitHub Actions instead of pinning to SHAs. Actions must be pinned to specific commits for security and reproducibility.
Affected Checks
| Workflow | Finding |
| --- | --- |
| daily-pr-review-health.yml | unpinned-actions-daily-pr-review-health.yml |
| repair-pr-approvals.yml | unpinned-actions-repair-pr-approvals.yml |
| test.yml | unpinned-actions-test.yml |
Remediation
Update each workflow file to pin all action references to specific commit SHAs instead of branch names (e.g., actions/checkout@e7e0efcc... instead of actions/checkout@main).
Reference: GitHub Actions Security - Pin to SHA
This issue was automatically created by the compliance audit and groups 3 action SHA pinning findings in .github-private.