Video

How to: Secure your GitHub Actions across multiple repos, with automated actions pinning

1 mins read

Jan 3, 2024

To secure GitHub Actions, a common practice is to pin an action to a specific commit SHA, or checksum. For developers, it's manual work to do that pinning, and to figure out what actions are being used in your project. Minder, an open source platform for managing security policies across your GitHub repos, makes it easier to automatically parse all of your GitHub Actions workflows across your GitHub repos, and replace the needed tags for the commit checksum. This means that you don't need to go and fetch the checksum for each and every action referenced in your workflows.

Minder demo: Learn how to apply security checks and policies across your GitHub repos

Dec 15, 2023

Watch Now

Trusty product demo

Nov 6, 2023

Watch Now

A Beginner's View of Public Instances video title screen

A beginner's view of public good instances

Evan Anderson /

Oct 18, 2023

Watch Now

Resources

Featured Content

Unlocking secure software distribution with Minder and GitHub Artifact Attestations

Driving safe and sustainable open source consumption with two new Stacklok capabilities

Software Supply Chain Security (S3C) Weekly

For Developers

Vet the supply chain risk of open source packages

For Open Source Communities

Secure your software supply chain

For Developers

Vet the supply chain risk of open source packages

For Open Source Communities

Secure your software supply chain

Video

How to: Secure your GitHub Actions across multiple repos, with automated actions pinning

Minder demo: Learn how to apply security checks and policies across your GitHub repos

Trusty product demo

A beginner's view of public good instances

Newsletter

Stay in the loop

Main Menu

Products

Resources

Contact Us