Skip to content

GitHub Actions: Fine-tune access to external actions

You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions.

  • You can limit external actions to just those created by GitHub, those in the Marketplace that were created by verified authors, or a combination
  • You can optionally list specific external actions. Wildcards, tags, and SHAs enable flexibility and specificity

image

Learn more about external action policies

For questions please visit the GitHub Actions community forum

To see what's next for GitHub Actions, visit our public roadmap.

Starting today you can temporarily disable a GitHub Actions workflow either in the UI or through the API. With this functionality you can stop a workflow from being triggered without having to delete the file from the repo. Later you can easily re-enable it again from the UI or through the API.

This new functionality can be useful in some situations, for example:

  • An error on a workflow is producing too many or wrong requests impacting external services negatively.
  • You want to temporarily pause a workflow that is not critical and is consuming too many minutes on your account.
  • You want to pause a workflow that is doing requests to a service that is down.
  • You are working on a fork and you don't need all the functionality of some workflows it includes (e.g. scheduled workflows).

For questions please visit the GitHub Actions community forum

To see what's next for GitHub Actions, visit our public roadmap

See more

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Today we're excited to announce that code scanning is generally available on GitHub.com.

  • Code scanning is free for public repositories. Learn more about how to enable code scanning today.
  • For private repositories, code scanning is available to GitHub Enterprise through Advanced Security. Contact Sales to learn more.
  • For those interested in helping to secure the open source ecosystem, we also invite you to contribute to the growing list of CodeQL queries and become part of our growing security community.
  • Read the full blog post.
See more