fix markdown
martinbonnin committed Jul 17, 2022
1 parent 5d5114f commit 0e86461
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions README.md
Expand Up @@ -51,9 +51,11 @@ Commands:

### Frequently Asked Questions

Q: Why pinning the first party actions like `actions/checkout@v3`? GitHub runs the actions, so it should be trusted by construction?
A: It's true that GitHub has to be trusted to run the actions. Nevertheless, no one is immune to exploits and in the advent that GitHub gets hacked, pinning the GitHub actions reduces a tiny little bit the attack surface. What's more, it makes the yaml files more consistent.
**Q**: Why pinning the first party actions like `actions/checkout@v3`? GitHub runs the actions, so it should be trusted by construction?

Q: Can I have a GitHub action that automatically updates the pins?
A: Dependabot and Renovate do this. (albeit with [a caveat in the dependabot case](https://github.com/dependabot/dependabot-core/issues/4691))
**A**: It's true that GitHub has to be trusted to run the actions. Nevertheless, no one is immune to exploits and in the advent that GitHub gets hacked, pinning the GitHub actions reduces a tiny little bit the attack surface. What's more, it makes the yaml files more consistent.

**Q**: Can I have a GitHub action that automatically updates the pins?

**A**: Dependabot and Renovate do this. (albeit with [a caveat in the dependabot case](https://github.com/dependabot/dependabot-core/issues/4691))
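Review bot: the two re-added FAQ lines carry over wording worth fixing while this hunk is already touching them: the `**Q**` line still reads "Why pinning the first party actions" and the first `**A**` line still says "in the advent that GitHub gets hacked". Suggest "Why pin the first-party actions like `actions/checkout@v3`?" and "in the event that GitHub is compromised", so the markdown cleanup also leaves the FAQ prose clean.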
