Closed
Description
Summary
The project has a workflow that runs on every push or pull request and is in charge of checking that every workflow used in the repo applies GitHub's best practices around version pinning (referencing third-party actions by a full commit SHA rather than a mutable tag or branch).
Currently there's a set of vendors that are considered trusted and that are exempted from this check. After discussing this internally, we have decided to remove this allow-list and check all third-party workflows moving forward.
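To make the check described above concrete, here is an added example (not the project's own workflow or tooling) of how such a pinning check can be implemented. It assumes a plain regular-expression scan of `uses:` lines rather than a full YAML parser, uses a constructed sample workflow as input, and models the allow-list as a `trusted_owners` parameter so that passing an empty set corresponds to the "check everything" behaviour this request asks for. The function, regex names and sample action references are all hypothetical.

```python
import glob
import re
import sys

# Constructed sample workflow text; it is not from any real repository.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: actions/setup-node@v4
      - uses: some-vendor/some-action@main
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - name: run
        run: npm test
"""

# Matches a step's `uses:` value, stopping at whitespace, quotes or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# A full 40-character hexadecimal commit SHA is the only reference treated as pinned.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text, trusted_owners=frozenset()):
    """Return a list of (line_number, reference) for GitHub-hosted actions that are
    not pinned to a full commit SHA.

    trusted_owners is the allow-list of exempted vendors; an empty set (the default)
    checks every third-party action, which is the behaviour requested above.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local composite actions and docker images are not GitHub-hosted actions,
        # so version pinning by commit SHA does not apply to them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((line_no, ref))  # no version reference at all
            continue
        path, version = ref.rsplit("@", 1)
        owner = path.split("/", 1)[0]
        if owner in trusted_owners:
            continue
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, ref))  # tag or branch: mutable, hence unpinned
    return findings


def check_repository(pattern=".github/workflows/*.yml", trusted_owners=frozenset()):
    """Scan all workflow files matching pattern; return {path: findings} for files with issues."""
    report = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8") as fh:
            findings = find_unpinned(fh.read(), trusted_owners)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    # Run against the constructed sample so the example works offline;
    # in CI you would call check_repository() instead and fail on a non-empty report.
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a full commit SHA")
    sys.exit(1 if find_unpinned(SAMPLE_WORKFLOW) else 0)
```

With the default empty allow-list, `actions/setup-node@v4` and `some-vendor/some-action@main` are reported; the SHA-pinned checkout step, the local composite action and the docker image are not. Passing `trusted_owners={"actions"}` reproduces the old exempted-vendor behaviour and reports only the `some-vendor` step.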
Why is this needed?
To further improve the security posture of workflows and apply a zero-trust approach to every third-party action, regardless of vendor.
Which area does this relate to?
Automation
Solution
No response
Acknowledgment
- This request meets Lambda Powertools Tenets
- Should this be considered in other Lambda Powertools languages? i.e. Python, Java, and .NET
Future readers
Please react with 👍 and your use case to help us understand customer demand.