|
|
|
|
|
|
by woodruffw
407 days ago
|
|
|
FWIW: Self-hosted runners are non-trivial to secure[1]; the defaults GitHub gives you are not necessarily secure ones, particularly if your self-hosted runner executes workflows from public repositories. (Self-hosted runners are great for many other reasons, not least of which is that they're a lot cheaper. But I've seen a lot of people confuse GitHub Actions' latent security issues with something that self-hosted runners can fix, which is not per se the case.) [1]: https://docs.github.com/en/actions/security-for-github-actio... |
|
|