GHA-SEC004: Unknown Actions
Problem Statement
Using third-party actions from unknown or unvetted sources increases supply chain risk: the workflow runs whatever code the action's maintainer publishes, typically with access to the job's secrets and repository token.
Vulnerability
Supply Chain Attacks
Code Examples
Insecure Implementation
- uses: some-user/unknown-action@v1  # unvetted third-party action from an unknown maintainer
Secure Implementation
- uses: actions/checkout@v4  # first-party action maintained by GitHub under the actions organization
Remediation Steps
- Use actions from trusted sources.
- Maintain an allowlist of vetted third-party actions and check every new `uses:` reference against it.
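As an added example (not part of the original rule page), a small Python checker that scans a workflow file for `uses:` references and reports any action not on an allowlist. The allowlisted owners and repositories, the regex and the sample workflow are all constructed here; the check treats local `./` actions as trusted and flags `docker://` references for manual review.

```python
import re

# Allowlist of trusted sources (constructed values, not from the original page):
# owner-level entries trust every action under that owner, repo-level one action.
TRUSTED_OWNERS = {"actions", "github"}
TRUSTED_REPOS = {"docker/login-action"}

# Captures the value of a `uses:` key, e.g. "- uses: owner/repo@v1  # comment".
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")

def parse_uses(ref):
    """Split an action reference into (kind, owner, repo, version)."""
    if ref.startswith("./"):
        return ("local", None, ref, None)      # action stored in this repo
    if ref.startswith("docker://"):
        return ("docker", None, ref, None)     # container image, not a repo
    path, _, version = ref.partition("@")
    parts = path.split("/")
    if len(parts) < 2:
        return ("invalid", None, ref, None)
    return ("repo", parts[0], "/".join(parts[:2]), version or None)

def is_allowed(ref):
    kind, owner, repo, _ = parse_uses(ref)
    if kind == "local":
        return True                            # same-repo code, already reviewed
    if kind != "repo":
        return False                           # docker:// or malformed: review by hand
    return owner in TRUSTED_OWNERS or repo in TRUSTED_REPOS

def find_unvetted_actions(workflow_text):
    """Return (line_number, reference) for every `uses:` not on the allowlist."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and not is_allowed(m.group(1)):
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample workflow fragment mirroring the page's two examples.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: some-user/unknown-action@v1
  - uses: ./.github/actions/lint
  - uses: docker://alpine:3.19
"""

for lineno, ref in find_unvetted_actions(SAMPLE_WORKFLOW):
    print(f"line {lineno}: {ref} is not on the action allowlist")
```

Running it on the sample reports the unknown third-party action and the container reference, while the first-party and local actions pass.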