action-pinning-overview
OfficialPin GitHub Actions to SHAs for trusted CI.
Authoradaptive-enforcement-lab
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Secure GitHub Actions workflows by eliminating reliance on mutable tags and ensuring workflows run against fixed, verifiable SHAs.
Core Features & Use Cases
- SHA pinning for all actions in workflows to prevent tampered updates and silent changes
- Clear guidance for handling external vs internal actions and Dependabot updates
- Use Case: securing production CI pipelines across multiple repos by enforcing explicit SHA pins and review processes
Quick Start
Pin your actions to explicit SHAs in workflows and enable Dependabot to propose and review updates
Dependency Matrix
Required Modules
internal-deploy-utils
Components
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: action-pinning-overview Download link: https://github.com/adaptive-enforcement-lab/claude-skills/archive/main.zip#action-pinning-overview Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.