Security guides

Security hardening and good practices for GitHub Actions.

Security hardening for GitHub Actions

Good security practices for using GitHub Actions features.

Using secrets in GitHub Actions

Secrets allow you to store sensitive information in your organization, repository, or repository environments.

Using GitHub's security features to secure your use of GitHub Actions

GitHub has several security features that can enhance the security of the actions you consume and publish.

Automatic token authentication

GitHub provides a token that you can use to authenticate on behalf of GitHub Actions.

Using artifact attestations to establish provenance for builds

Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.

Enforcing artifact attestations with a Kubernetes admission controller

Use an admission controller to enforce artifact attestations in your Kubernetes cluster.

Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3

Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.

Verifying attestations offline

Artifact attestations can be verified without an internet connection.