Security guides
Security hardening and good practices for GitHub Actions.
Security hardening for GitHub Actions
Good security practices for using GitHub Actions features.
Using secrets in GitHub Actions
Secrets allow you to store sensitive information in your organization, repository, or repository environments.
Using GitHub's security features to secure your use of GitHub Actions
GitHub has several security features that can enhance the security of the actions you consume and publish.
Automatic token authentication
GitHub provides a token that you can use to authenticate on behalf of GitHub Actions.
Using artifact attestations to establish provenance for builds
Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.
Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.