Skip to content

Pin Actions to commit SHAs #15

New issue
New issue
Open
Open
Pin Actions to commit SHAs#15
@LaberionAjvazi

Description

@LaberionAjvazi
LaberionAjvazi
opened on Mar 3, 2026

Hi 👋

I noticed the workflows reference Actions using version tags (e.g. actions/checkout@v4) rather than full commit SHAs.

Would you be open to pinning them to specific SHAs? This can help with certain automated security checks (e.g., OpenSSF Scorecard).

I’d be happy to open a PR updating the workflows accordingly.

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions