Policy to verify actions are pinned to sha1 #845

Merged
merged 3 commits into from
Sep 5, 2023


lukehinds
Contributor

Defines the configuration for evaluating data ingested against the given policy. This example checks that GitHub Actions are using pinned tags for the `uses` directive, in the form of a SHA-1 hash.

For example, this will fail:
`uses: actions/checkout@v2`

This will pass:
`uses: actions/checkout@f3d2b746c498f2d3d1f2d3d1f2d3d1f2d3d1f2d3`

Defines the configuration for evaluating data ingested against the given policy.
This example checks that GitHub Actions are using pinned tags
for the `uses` directive, in the form of a SHA-1 hash.

For example, this will fail:
`uses: actions/checkout@v2`

This will pass:
`uses: actions/checkout@f3d2b74`

Signed-off-by: Luke Hinds <luke@stacklok.com>
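
An added example, not the policy merged in this PR: a Python check that scans workflow text for `uses:` references that are not pinned to a commit SHA-1. The function names, the `min_hex` parameter and the sample workflow are assumptions of this example, as is the default of requiring all 40 hex characters; the commit message above shows an abbreviated hash, which `min_hex=7` would accept.

```python
import re

# Matches a `uses:` key on a step or a reusable-workflow job, quoted or not.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def check_uses(value, min_hex=40):
    """Return None if `value` is acceptably pinned, else a reason string."""
    if value.startswith("./") or value.startswith("docker://"):
        return None  # local actions and container images carry no git ref
    _target, sep, ref = value.rpartition("@")
    if not sep:
        return "no @ref given"
    # A hex-looking ref shorter than min_hex could also be a tag or branch name.
    if HEX_RE.fullmatch(ref) and min_hex <= len(ref) <= 40:
        return None
    return f"ref '{ref}' is not a commit SHA-1 of at least {min_hex} hex chars"


def unpinned_actions(workflow_text, min_hex=40):
    """Return (line number, uses value, reason) for every unpinned reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            reason = check_uses(m.group(1), min_hex)
            if reason:
                findings.append((lineno, m.group(1), reason))
    return findings


# Constructed sample workflow; the first three refs are the ones quoted in this PR.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v2
      - uses: actions/checkout@f3d2b746c498f2d3d1f2d3d1f2d3d1f2d3d1f2d3  # v2
      - uses: actions/checkout@f3d2b74
      - name: local
        uses: ./.github/actions/build
      - uses: "example-org/example-action@main"
"""

if __name__ == "__main__":
    for lineno, value, reason in unpinned_actions(SAMPLE):
        print(f"line {lineno}: {value}: {reason}")
```
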
@lukehinds
Contributor Author

@JAORMX wdyt?

Contributor

@JAORMX JAORMX left a comment


Had one comment, the rest looks good!

Signed-off-by: Luke Hinds <luke@stacklok.com>
@JAORMX
Contributor

JAORMX commented Sep 5, 2023

Seems this needs rebasing

@JAORMX JAORMX marked this pull request as ready for review September 5, 2023 11:57
@rdimitrov rdimitrov merged commit 2685dbd into mindersec:main Sep 5, 2023
12 checks passed
@rdimitrov rdimitrov deleted the checks-action-tags branch September 5, 2023 12:05