Pin actions to a full length commit SHA

- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions >Pin actions to a full length commit SHA >Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions Also, dependabot supports upgrading based on SHA. Signed-off-by: naveensrinivasan <[email protected]>
kubernetes-sigs · Mar 28, 2022 · 2f32715 · 2f32715
1 parent be15876
commit 2f32715
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/lint-docs.yaml b/.github/workflows/lint-docs.yaml
@@ -15,4 +15,4 @@ jobs:
     - uses: gaurav-nelson/github-action-markdown-link-check@9710f0fec812ce0a3b98bef4c9d842fc1f39d976 # v1 https://api.github.com/repos/gaurav-nelson/github-action-markdown-link-check/git/commits/9710f0fec812ce0a3b98bef4c9d842fc1f39d976
       with:
         use-quiet-mode: 'yes'
-        config-file: .markdownlinkcheck.json
+        config-file: .markdownlinkcheck.json