GitHub Actions: Fine-tune access to external actions

You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions.

  • You can limit external actions to just those created by GitHub, those in the Marketplace that were created by verified authors, or a combination
  • You can optionally list specific external actions. Wildcards, tags, and SHAs enable flexibility and specificity

image

Learn more about external action policies

For questions please visit the GitHub Actions community forum

To see what's next for GitHub Actions, visit our public roadmap.