Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch. It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/actions/checkout/releases/tag/v4.1.1 SHA: b4ffde65f46336ab88eb53be808477a3936bae11 https://github.com/actions/setup-java/releases/tag/v3.13.0 SHA: 0ab4596768b603586c0de567f2430c30f5b0d2b0 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
- Loading branch information