
chore(maintenance): add --require-hashes flag to pip installs #348


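# Supply-chain guard for the workflow directory: runs whenever a file under
# .github/workflows/ changes and checks that third-party actions are
# referenced by full commit SHA rather than by a mutable tag or branch.
name: Lockdown untrusted workflows

on:
  push:
    paths:
      - ".github/workflows/**"
  pull_request:
    paths:
      - ".github/workflows/**"

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read

jobs:
  enforce_pinned_workflows:
    name: Harden Security
    runs-on: ubuntu-latest
    # A job-level permissions block replaces the workflow-level one rather
    # than merging with it, so this job's token carries only `actions: read`
    # and `contents` is not granted here. Checkout of a public repository
    # still works; a private repository would need `contents: read` added.
    permissions:
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
        with:
          # No later step performs git operations, so do not leave the job
          # token in the local git config where the following third-party
          # step could read it from the workspace.
          persist-credentials: false
      # The pinning check itself is pinned to a commit SHA; the trailing
      # comment records the release that SHA is expected to correspond to.
      - name: Ensure 3rd party workflows have SHA pinned
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@21991cec25093947ff3f62e4c223df0260c39944 # v2.1.2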