- GitHub Actions Security Hardening / Secure Use Reference
- Securing deployments with OpenID Connect (OIDC) in GitHub Actions
- pull_request_target actions trigger
- Mitigating the risks of untrusted code checkout
- GitHub Actions CodeQL Query list
- josh-ops: Using OIDC with Reusable Workflows to Securely Access Cloud Resources
- josh-ops: How to Sign Commits for GitHub
- josh-ops: Implementing a GitHub Actions Allow List as Code
- josh-ops: Exporting GitHub Actions Dependency Data for Your Organization
- josh-ops: Configure GitHub Dependabot to Keep Actions Up to Date
- GitHub Blog: Our plan for a more secure npm supply chain
- GitHub Blog: When to choose GitHub-Hosted runners or self-hosted runners with GitHub Actions
- GitHub Changelog: GitHub Actions policy now supports blocking and SHA pinning actions
- GitHub Security Lab: Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
- Jesse Houwing: GitHub Actions learnings from the recent nx hack
- Ken Muse: Building GitHub Actions Runner Images With A Tool Cache
- Ken Muse: Building GitHub Runner Images With an Action Archive Cache
- @dane-joh: Choosing runners: GitHub-hosted runners (GHRs) or self-hosted runners (SHRs)?