GitHub Actions adds policy controls for organization and repository owners
GitHub Actions has new settings for organizations and repository owners to limit the usage of external Actions.

The ability to reuse actions from across the GitHub community is one of the most powerful features of GitHub Actions. As a developer, you can take advantage of the collective knowledge of millions of other developers just as you do in your applications. However, sometimes you just want to use Actions that your organization creates, either to have the most control over change as possible or to meet security and compliance needs.
As a first step in providing repository and organization owners with this type of control, we’ve introduced three settings at both the repository and organization level.
- Enable local & third party Actions: This enables developers to use the full power of GitHub Actions from anywhere in the GitHub community—this is the default for all repositories and organizations.
- Enable local Actions only: This option requires all Actions to be vendored directly into the repository with the workflow that references them.
- Disable Actions: This option completely disables Actions within your organization or repository. This is useful for organizations that are not yet ready to use Actions or have a different service for CI/CD.
What’s next
We understand that these initial changes will not address everyone’s unique needs, however, they’re a good first step towards providing a rich set of controls from GitHub Actions. We look forward to collaborating with the community in other ways we can make Actions the best choice for your team. If you have questions, comments, or feedback, reach out in the community forum.
Learn more about GitHub Actions
Tags:
Written by
Related posts

The developer role is evolving. Here’s how to stay ahead.
AI is changing how software gets built. Explore the skills you need to keep up and stand out.

How GitHub protects developers from copyright enforcement overreach
Why the U.S. Supreme Court case Cox v. Sony matters for developers and sharing updates to our Transparency Center and Acceptable Use Policies.

GitHub Copilot gets smarter at finding your code: Inside our new embedding model
Learn about a new Copilot embedding model that makes code search in VS Code faster, lighter on memory, and far more accurate.