GHA-SEC006 Self-hosted Runners
Problem Statement
A self-hosted runner is a persistent machine under the repository owner's control. When a workflow that runs on it is triggered by untrusted code, for example a pull request opened from a fork of a public repository, that code executes on the runner host and can compromise it.
Vulnerability
Runner Takeover and Persistence
GitHub-hosted runners are fresh virtual machines discarded after each job; a self-hosted runner keeps its filesystem, processes and network position between jobs. Code that runs on it once can install a backdoor, read the runner's registration credentials and any secrets or caches left on disk, and reach whatever the host's network allows. Every later job, including trusted ones, then runs on an attacker-controlled machine.
Code Examples
Insecure Implementation
runs-on: [self-hosted]   # every run of this workflow, including pull requests from forks, lands on the persistent host
Secure Implementation
runs-on: ubuntu-latest   # fresh GitHub-hosted virtual machine, discarded after the job
Remediation Steps
- Use GitHub-hosted runners for workflows that people outside the team can trigger, in particular pull_request and pull_request_target workflows in public repositories; each job gets a fresh virtual machine that is discarded afterwards.
- Restrict self-hosted runners to trusted repositories: place them in an organization runner group whose repository access is limited to selected private repositories, and leave the group's option to allow public repositories disabled.
- Limit persistence even for trusted repositories: registering the runner with config.sh --ephemeral removes it after a single job, so a compromise does not carry over to the next job on that host.
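The check below is an added example and not part of the GHA-SEC006 entry or of any GitHub tooling. It scans workflow files for the combination the entry warns about: a job whose runs-on labels include self-hosted in a workflow triggered by pull_request or pull_request_target. The workflow texts are constructed, and the small line-based YAML reading is this example's own heuristic (assumption), not a full YAML parser; runs-on values written as expressions or as a group: mapping are not resolved and need a manual look.

```python
"""Audit GitHub Actions workflows for jobs that let fork-supplied code reach a
self-hosted runner.  Added example, not part of the GHA-SEC006 entry; the
workflow texts are constructed and the YAML reading is a heuristic (assumption)."""
import re

# Events whose checked-out code may come from an outside contributor's fork.
UNTRUSTED_TRIGGERS = {"pull_request", "pull_request_target"}

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def _strip_comment(line):
    return line.split("#", 1)[0].strip()

def _inline_values(rest):
    """Parse `x`, `'x'` or `[a, b]` written after a colon into a list."""
    rest = _strip_comment(rest)
    if rest.startswith("[") and rest.endswith("]"):
        return [v.strip().strip("'\"") for v in rest[1:-1].split(",") if v.strip()]
    return [rest.strip("'\"")] if rest else []

def _block_values(lines, start):
    """Collect `- item` or `key:` entries nested directly under lines[start]."""
    base, item_indent, items = _indent(lines[start]), None, []
    for line in lines[start + 1:]:
        body = _strip_comment(line)
        if not body:
            continue
        ind = _indent(line)
        if ind <= base:
            break
        item_indent = ind if item_indent is None else item_indent
        if ind != item_indent:
            continue  # detail nested under an item (branches:, types:, ...)
        item = body[2:] if body.startswith("- ") else body.split(":", 1)[0]
        items.append(item.strip().strip("'\""))
    return items

def _values(lines, i):
    """Values of the mapping key on lines[i], inline or in the block below."""
    return _inline_values(lines[i].split(":", 1)[1]) or _block_values(lines, i)

def triggers(text):
    """Event names listed under the top-level `on:` key."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if _indent(line) == 0 and re.match(r"""^(on|'on'|"on"):""", line):
            return set(_values(lines, i))
    return set()

def self_hosted_jobs(text):
    """Ids of jobs whose `runs-on` labels include `self-hosted`."""
    lines = text.splitlines()
    jobs, current, in_jobs, job_indent = [], None, False, None
    for i, line in enumerate(lines):
        body = _strip_comment(line)
        if not body:
            continue
        ind = _indent(line)
        if ind == 0:  # a new top-level key starts
            in_jobs, job_indent, current = body.startswith("jobs:"), None, None
            continue
        if not in_jobs:
            continue
        job_indent = ind if job_indent is None else job_indent
        if ind == job_indent and body.endswith(":"):
            current = body[:-1].strip().strip("'\"")
        elif body.startswith("runs-on:") and current:
            # `${{ expr }}` or a `group:` mapping is not resolved; review by hand.
            if "self-hosted" in _values(lines, i) and current not in jobs:
                jobs.append(current)
    return jobs

def audit(text):
    """(job, event) pairs where untrusted code can land on a persistent host."""
    risky = sorted(triggers(text) & UNTRUSTED_TRIGGERS)
    return [(job, ev) for job in self_hosted_jobs(text) for ev in risky]

# Constructed sample workflows; none belongs to a real repository.
INSECURE_CI = """\
name: ci
on:
  push:
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: [self-hosted, linux]
    steps:
      - run: make test
"""
HOSTED_CI = INSECURE_CI.replace("[self-hosted, linux]", "ubuntu-latest")  # same job, fresh VM
TRUSTED_DEPLOY = """\
name: deploy
on:
  push:
    branches: [main]   # only code maintainers already merged
jobs:
  deploy:
    runs-on:
      - self-hosted
      - deploy
    steps:
      - run: ./deploy.sh
"""

if __name__ == "__main__":
    for name, text in {"ci.yml": INSECURE_CI, "deploy.yml": TRUSTED_DEPLOY}.items():
        print(name, audit(text))
```

Running the script reports the test job of ci.yml for the pull_request event and nothing for deploy.yml, whose self-hosted job only runs on pushes to main. A push-only trigger is still only as trustworthy as the repository's merge controls, which is why the entry also asks for runner groups limited to trusted repositories.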