Fine-tune access to external actions
Limit use of external actions within Actions workflow for enterprises, organizations, and repositories.
You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions.
Limiting to GitHub and GitHub-verified authors
GitHub authors a number of essential actions which are widely used, such as ‘checkout’. When you check the box for GitHub-authored actions, you’re allowing workflows to use any action in the GitHub organization or the actions organization, including those that will be created in the future.
You can also limit the community actions that can be executed to just those created by GitHub-verified authors. With GitHub-verified authors, GitHub ensures that the organization that created the action is authentic, and truly represents the company or entity which it appears to represent (GitHub does not review any code or security practices as part of its verification process). When you check the box for GitHub-verified authors, you’re allowing workflows to use any action in the verified author’s organization, including those that will be created in the future.
Limiting to specific actions
The most secure way to use GitHub Actions includes a review of the source code of all external actions. You can now ensure that workflows use only those actions that have been reviewed by creating an explicit allow list. You can use the * syntax to create flexible patterns. When you use the allow list, only actions that patch a pattern in the list are allowed.
The allow list for specific actions can be used for any public repository, or private repositories that are part of a GitHub Enterprise plan.
Learn more
To get started with Actions policies, visit our documentation.
Tags:
Written by
Related posts
Celebrating the GitHub Awards 2024 recipients 🎉
The GitHub Awards celebrates the outstanding contributions and achievements in the developer community by honoring individuals, projects, and organizations for creating an outsized positive impact on the community.
New from Universe 2024: Get the latest previews and releases
Find out how we’re evolving GitHub and GitHub Copilot—and get access to the latest previews and GA releases.
Bringing developer choice to Copilot with Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview
At GitHub Universe, we announced Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview and o1-mini are coming to GitHub Copilot—bringing a new level of choice to every developer.