(hactoberfest): Fix code scanning alert #3821 #3872
Conversation
Signed-off-by: StepSecurity Bot <[email protected]>
…_1728159415 [StepSecurity] Apply security best practices
|
Thanks! A few questions:
|
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Checkout repository |
There was a problem hiding this comment.
you should checkout with submodules. See how we checkout in other places.
what this action does?
There was a problem hiding this comment.
used to monitor and log all outgoing network traffic during your CI/CD workflows without blocking any traffic.
| @@ -30,3 +30,23 @@ repos: | |||
| rev: 23.7.0 | |||
| hooks: | |||
| - id: black | |||
| - repo: https://github.com/gitleaks/gitleaks | |||
There was a problem hiding this comment.
gitleaks repo is used to detect and prevent hardcoded secrets like passwords, API keys and tokens in git repositries.
|
My main comment is that this PR is huge and I prefer we take it by baby steps - since both you and I do not have much experience in this domain. Please choose 1-2 improvements you want to add and submit only them, no need to add everything at once. |
|
I appreciate your feedback, and I am sorry for inconvenience that I may have caused, I am somewhat familiar with GitHub Actions but never used them in real projects, I will try my best to solve these and add them incrementally . I hope you can guide me if I face a problem thanks. |
GitHub actions use hashes to use the specific commit or SHA of an action to ensure stability.
step-security/harden-runner provides some security features like network egress filtering and runtime security. |
|
I prefer we won't use hashes and not add |
|
I will create a new pull request requesting change in one workflow. |
As first a student and first time contributor, I didn't understand fully what I had to do , but I tried my best. Thanks for giving me opportunity to learn :) .