Integrating security in your CI/CD pipeline is critical to practicing DevSecOps. This action aims to be secure by default, and it should be complemented with your own review to ensure it meets your (organization's) security requirements.
- Action dependency is maintained by GitHub and pinned to a specific SHA.
- Restrict changes to certain environments with deployment protection rules.
- Integrate with OpenID Connect by passing short-lived credentials as environment variables.

| Version | Supported |
|---|---|
| v12.X | Yes |
| ≤ v11.X | No |

You must never report security-related issues, vulnerabilities or bugs that include sensitive information to the issue tracker or elsewhere in public. Instead, sensitive bugs must be sent by email to [email protected] or reported via Security Advisory.