by captn3m0
52 days ago
A new problem is that even pinned actions themselves download unpinned transitive dependencies, as is the case with the trivy action. Zizmor recently shipped a rule to warn of such actions, but it only does it for two known actions so far.
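An added example, not part of the comment above and not zizmor's rule: a small Python check that reads an action's own metadata file (`action.yml`) and reports nested `uses:` and `docker://` references that are not pinned to a commit SHA or image digest. The sample file, the `example-org` names and the hash values are constructed; the check sees only references declared in the metadata, not downloads an action's scripts perform at run time.

```python
import re

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")             # full commit SHA after '@'
DIGEST_PIN = re.compile(r"@sha256:[0-9a-f]{64}$")   # immutable image digest
REF = re.compile(r"^\s*(?:-\s*)?(uses|image):\s*['\"]?([^'\"\s#]+)")

def unpinned_refs(action_yml: str):
    """Return (line_no, kind, ref) for each reference in an action's
    metadata that can change without the caller's pin changing."""
    findings = []
    for n, line in enumerate(action_yml.splitlines(), 1):
        m = REF.match(line)
        if not m:
            continue
        key, ref = m.groups()
        if ref.startswith("docker://"):
            # Tags such as :latest are mutable; only a digest is fixed.
            if not DIGEST_PIN.search(ref):
                findings.append((n, "image", ref))
        elif key == "image" or ref.startswith("./"):
            # Local Dockerfile or local action: covered by the caller's pin.
            continue
        else:
            rev = ref.partition("@")[2]
            if not SHA_PIN.match(rev):
                findings.append((n, "action", ref))
    return findings

# Constructed composite-action metadata (not a real project's file).
SAMPLE = "\n".join([
    "name: example-scanner",
    "runs:",
    "  using: composite",
    "  steps:",
    "    - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567",
    "    - uses: example-org/setup-tool@v1",
    "    - uses: ./.github/actions/local",
    "    - uses: docker://ghcr.io/example-org/tool:latest",
    "    - uses: docker://ghcr.io/example-org/tool@sha256:" + "ab" * 32,
])

if __name__ == "__main__":
    for line_no, kind, ref in unpinned_refs(SAMPLE):
        print(f"line {line_no}: unpinned {kind} reference {ref}")
```
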