#reviewdog — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #reviewdog, aggregated by home.social.
-
I wrote a script to show the exact versions of Actions used in your workflows on GitHub Actions.
It uses the audit logs (or just a list of workflow runs, for a single repo), grabs the workflow logs, and shows which commit was downloaded for each Action.
It’s useful in cases like the tj-actions/changed-files and reviewdog compromises.
https://github.com/github/audit-actions-workflow-runs
#DevSecOps #SupplyChainSecurity #Actions #CiCd #GitHub #TJActions #ReviewDog