secure-github-action
Community
Pin SHAs and harden GitHub Actions workflows.
Software Engineering
#workflow #permissions #best-practices #github-actions #secure #pin-sha #script-injection
Author: tacogips
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This skill secures GitHub Actions workflows by pinning all action references to full commit SHAs and enforcing safer configurations.
Core Features & Use Cases
- Pin all actions to full commit SHAs to prevent drift and supply-chain risks.
- Enforce minimal permissions at workflow and job levels to limit blast radius.
- Harden checkout steps and prevent script injection by passing untrusted event data through environment variables instead of interpolating it into run commands, and by controlling the contexts in which run steps execute.
- Use cases: teams migrating sensitive CI pipelines to enforce security standards across multiple repos.
Quick Start
Apply the core security steps to your workflows: pin actions to full commit SHAs, set minimal permissions, and avoid pull_request_target for privileged operations. Then review and update your workflow files against these guidelines.
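A small checker for the three Quick Start rules, added here as an example and not part of the skill itself: it flags `uses:` references that are not pinned to a 40-hex commit SHA, any `pull_request_target` trigger, and the absence of a `permissions:` block. The two workflows are constructed samples, and the SHA in the hardened one is a placeholder rather than a real commit.

```python
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # full commit SHA; a tag or branch can drift
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")

def audit_workflow(text: str) -> list[str]:
    """Return findings for one workflow: unpinned actions, missing permissions, pull_request_target."""
    findings = []
    has_permissions = False
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("permissions:"):
            has_permissions = True  # a workflow- or job-level permissions block is present
        if "pull_request_target" in stripped:
            findings.append(f"line {lineno}: pull_request_target trigger; keep it away from privileged jobs")
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # local and Docker references are not pinned with a commit SHA
        ref = m.group(1)
        if not SHA_RE.match(ref.rsplit("@", 1)[-1]):
            findings.append(f"line {lineno}: {ref} is not pinned to a full commit SHA")
    if not has_permissions:
        findings.append("no permissions: block; GITHUB_TOKEN falls back to the repository default")
    return findings

# Constructed sample: the weak 'before' workflow.
WEAK = """\
on: [push, pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@main
      - run: npm test
"""

# Constructed sample: the hardened 'after'. The SHA is a placeholder, not a real commit.
HARDENED = """\
on: [push, pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4 (placeholder)
      - run: npm test
"""
```

Running `audit_workflow` over every file under `.github/workflows/` gives a quick pre-merge gate for the rules above; reusable-workflow references (`owner/repo/.github/workflows/x.yml@<sha>`) are checked the same way.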
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: secure-github-action Download link: https://github.com/tacogips/claude-code-agent/archive/main.zip#secure-github-action Please download this .zip file, extract it, and install it in the .claude/skills/ directory.