chore: [StepSecurity] Apply security best practices #1248

Merged
merged 1 commit into from
Jun 4, 2025

stepsecurity-app[bot]
Contributor

Summary

This pull request has been generated by StepSecurity as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements.

Security Fixes

Pinned Dependencies

Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure.
Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates.

StepSecurity Maintained Actions

Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity-maintained actions that are secure drop-in replacements.

Feedback

For bug reports, feature requests, and general feedback, please create an issue in step-security/secure-repo or contact us via our website.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
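
As an added example (not part of this pull request or of StepSecurity's tooling), the pinning check described under "Pinned Dependencies" can be expressed as a small workflow audit. It assumes a stricter policy than "specific versions": only a full 40-character commit SHA, or a `sha256` digest for `docker://` references, counts as pinned, because tags and branches can be moved upstream. The action names and the SHA in the sample are constructed.

```python
import re

# Assumption of this example: only a full 40-hex commit SHA counts as pinned.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: x" and "- uses: x"; stops at whitespace, quotes or a comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")

def classify(target):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` value."""
    if target.startswith("./"):
        return "local"          # lives in the same repo, versioned with it
    if target.startswith("docker://"):
        return "pinned" if "@sha256:" in target else "unpinned"
    _, sep, ref = target.partition("@")
    if not sep:
        return "unpinned"       # no ref at all
    return "pinned" if SHA_RE.match(ref) else "unpinned"

def audit_workflow(text):
    """Return [(line_number, uses_value)] for every mutable reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "unpinned":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample workflow; all names and the SHA are placeholders.
SAMPLE = """\
name: build
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@v4
      - uses: example-org/setup-action@0123456789abcdef0123456789abcdef01234567 # v2.1.0
      - name: lint
        uses: example-org/lint-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for lineno, target in audit_workflow(SAMPLE):
        print(f"line {lineno}: {target} is not pinned to an immutable ref")
```

Run over the files in `.github/workflows/`, an empty result means every third-party reference is immutable; the trailing `# v2.1.0` comment style keeps the human-readable version next to the SHA.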
stepsecurity-app bot requested a review from a team as a code owner June 4, 2025 16:00
stepsecurity-app bot requested a review from jeromy-cannon June 4, 2025 16:00
rbarker-dev added this to the 0.13.0 milestone Jun 4, 2025
rbarker-dev added the Audit (Issues resulting from a code or process audit) and github_actions labels Jun 4, 2025
rbarker-dev self-assigned this Jun 4, 2025
Member

rbarker-dev left a comment

LGTM

rbarker-dev merged commit c14c076 into main Jun 4, 2025
14 of 19 checks passed
rbarker-dev deleted the chore/GHA-041600-stepsecurity-remediation branch June 4, 2025 16:22
jsync-swirlds pushed a commit that referenced this pull request Jun 4, 2025
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
AlfredoG87 added the Security (Related to Security) label Jun 12, 2025