chore: pin GitHub Actions workflows to immutable SHA digests #726

Open
stephanbcbauer wants to merge 1 commit into eclipse-tractusx:main from stephanbcbauer:chore/pin-actions-to-sha

@stephanbcbauer stephanbcbauer commented Jun 19, 2026

Description

This PR pins GitHub Actions to immutable SHAs to improve supply chain security.

Changes

  • actions/checkout pinned to v4.2.1
  • actions/setup-node pinned to v4.1.0
  • peaceiris/actions-gh-pages pinned to v4.0.0
  • hashicorp/setup-terraform pinned to v3.1.2
  • trufflesecurity/trufflehog pinned to v3.95.6

Impact

  • Ensures CI/CD pipelines use verified and immutable versions of actions.
  • Prevents potential supply chain attacks from mutable tags.

- Pin actions/checkout to v4.2.1
- Pin actions/setup-node to v4.1.0
- Pin peaceiris/actions-gh-pages to v4.0.0
- Pin hashicorp/setup-terraform to v3.1.2
- Pin trufflesecurity/trufflehog to v3.95.6

Signed-off-by: Stephan Bauer <stephan.bauer@catena-x.net>
@stephanbcbauer stephanbcbauer requested a review from bmg13 as a code owner June 19, 2026 16:33
@stephanbcbauer stephanbcbauer changed the title chore: pin GitHub Actions to immutable SHAs chore: pin GitHub Actions workflows to immutable SHA digests Jun 19, 2026
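
A checker for the property this PR is after, written here as an added example (not code from the pull request or the eclipse-tractusx project): it scans workflow text for `uses:` references and reports any that are not a full 40-character commit SHA. The sample workflow and its hex values are constructed placeholders, not real commits; the function names are hypothetical.

```python
import re

# Matches a `uses:` line (step or reusable workflow) and an optional trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(target):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` target."""
    if target.startswith("./"):
        return "local"  # action stored in the same repository, versioned with it
    if target.startswith("docker://"):
        # A container image is immutable only when referenced by digest.
        return "pinned" if "@sha256:" in target else "unpinned"
    _, sep, ref = target.rpartition("@")
    # Tags and branches can be moved; abbreviated SHAs fail the 40-hex check too.
    return "pinned" if sep and FULL_SHA_RE.match(ref) else "unpinned"


def audit(workflow_text):
    """Return (line_no, target, status, comment) for every `uses:` line."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            target, comment = m.group(1), (m.group(2) or "").strip()
            findings.append((no, target, classify(target), comment))
    return findings


# Constructed workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.2.1
      - uses: actions/setup-node@v4.1.0
      - uses: hashicorp/setup-terraform@v3
      - uses: ./.github/actions/local-lint
      - name: Deploy
        uses: peaceiris/actions-gh-pages@0123456
"""

if __name__ == "__main__":
    for no, target, status, comment in audit(SAMPLE):
        print(f"line {no}: {status:8} {target} {comment}")
```

Keeping the release tag in a trailing comment, as on the first sample line, lets reviewers see which version a SHA is meant to correspond to.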