Maintenance: remove allow list from untrusted workflows

[dreamorosi]

Summary

The project has a workflow that runs on every push or pull requests that is in charge of checking that any workflow used in the repo is applying GitHub's best practices around version pinning.

Currently there's a set of vendors that are considered trusted and that will be exempted from this check. After discussing this internally we have decided to remove this allow-list and check all 3rd party workflows moving forward.

Why is this needed?

To improve even further the security posture of workflows and apply zero trust.

Which area does this relate to?

Automation

Solution

No response

Acknowledgment

• This request meets Lambda Powertools Tenets
• Should this be considered in other Lambda Powertools languages? i.e. Python, Java, and .NET

Future readers

Please react with 👍 and your use case to help us understand customer demand.

[github-actions]

⚠️ COMMENT VISIBILITY WARNING ⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.