GitHub Actions Security Hub

关于

The GitHub Actions Security Patterns Hub provides a consolidated, authoritative set of production-ready security patterns to protect your CI/CD pipelines from common supply chain and infrastructure attacks. It streamlines the implementation of complex security controls by providing guidance on action pinning, GITHUB_TOKEN permission minimization, OIDC-based secret management, and secure workflow trigger configurations. This skill is essential for DevSecOps teams and developers who need to move beyond basic vendor checklists to implement robust, enterprise-grade security in their GitHub automation.

主要功能

• Runner hardening checklists and ephemeral environment patterns
• Least-privilege GITHUB_TOKEN permission templates
• SHA-based action pinning for supply chain integrity
• Secure trigger configuration to prevent fork-based attacks
• 0 GitHub stars
• OIDC federation patterns for secret-less cloud access

使用场景

• Hardening existing CI/CD workflows against supply chain attacks
• Implementing organizational security standards for public and private repositories
• Eliminating long-lived secrets using OIDC for AWS, GCP, and Azure