Skip to main content

Security guides

Security hardening and good practices for GitHub Actions.

Security hardening for GitHub Actions

Good security practices for using GitHub Actions features.

Using secrets in GitHub Actions

Secrets allow you to store sensitive information in your organization, repository, or repository environments.

Using GitHub's security features to secure your use of GitHub Actions

GitHub has several security features that can enhance the security of the actions you consume and publish.

Automatic token authentication

GitHub provides a token that you can use to authenticate on behalf of GitHub Actions.

Using artifact attestations to establish provenance for builds

Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.