
Security: TimSchoenle/actions

SECURITY.md

Security Policy

Supported Versions

Any version not listed in the following tables is not supported.

Actions

Bun

Component Version Supported
Bun Setup-cached actions-bun-setup-cached-v1.1.8

Common

Component Version Supported
Close Pull Request actions-common-close-pull-request-v1.1.0
Commit Changes actions-common-commit-changes-v1.1.4
Common Modify YAML actions-common-modify-yaml-v1.2.13
Common Read YAML actions-common-read-yaml-v1.1.0
Create Branch actions-common-create-branch-v1.2.0
Create Pull Request actions-common-create-pull-request-v1.0.5
Delete-Branch actions-common-delete-branch-v1.1.0
Get App Git Identity actions-common-get-app-git-identity-v1.1.0
Setup App Git Identity actions-common-setup-app-git-identity-v1.1.1

Helm

Component Version Supported
Update Helm Chart Version actions-helm-update-chart-version-v1.5.9

Helper

Component Version Supported
Helper Verify-branch-name actions-helper-verify-branch-name-v1.1.1
Resolve Branch actions-helper-resolve-base-branch-v1.1.0
Verify Commit Authors actions-helper-verify-commit-authors-v1.1.16

Java-gradle

Component Version Supported
Java-gradle Auto-spotless actions-java-gradle-auto-spotless-v1.1.4
Java-Gradle default setup actions-java-gradle-setup-base-environment-v1.2.3

Maintenance

Component Version Supported
Maintenance Auto-approve-pr actions-maintenance-auto-approve-pr-v1.1.6
Maintenance Ensure-actions-are-executed actions-maintenance-ensure-actions-are-executed-v1.1.0

Rust

Component Version Supported
Rust Auto-format actions-rust-auto-format-v1.1.1
Rust Cargo-check actions-rust-cargo-check-v1.1.1
Rust Clippy actions-rust-clippy-v1.1.1
Rust Coverage (Codecov) actions-rust-coverage-codecov-v1.1.8
Rust Test actions-rust-test-v1.1.0

Test

Component Version Supported
Setup E2E Test actions-test-setup-e2e-v1.2.1

Workflows

Maintenance

Component Version Supported
Auto Format workflows-maintenance-auto-bun-prettier-v1.1.13
Auto-Approve & Merge Timed PRs workflows-maintenance-timed-auto-pr-approve-v1.2.14
Maintenance Auto-approve-renovate workflows-maintenance-auto-approve-renovate-v1.4.4
Maintenance Auto-rebase workflows-maintenance-auto-rebase-v1.1.5
Maintenance Wipe-cache workflows-maintenance-wipe-cache-v1.1.6

Reporting a Vulnerability

We accept vulnerability reports via GitHub's Private Vulnerability Reporting feature.

  1. Go to the Security tab of this repository.
  2. Click on Report a vulnerability to open a private advisory.
  3. Provide details of the vulnerability.

This ensures that the report is handled securely and privately. Valid reports will be investigated and addressed as soon as possible.

Security Measures

This repository employs several automated security measures to ensure the integrity and safety of the code:

  • CodeQL Analysis: Automated vulnerability scanning is run on every push and pull request.
  • Dependency Updates: Renovate is used to keep dependencies up-to-date and secure.
  • Action Linting: zizmor is used to lint GitHub Actions workflows for security issues.
  • Branch Protection: The main branch is protected and requires passing status checks before changes can be merged.

Supply Chain Security

  • Protected Tags: All Git tags are immutable and protected. They can only be created through our automated release CI process.
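The supported-version tables and the protected-tags note above both describe checks that a consumer of these actions can automate. The following script is an added example, not code from the TimSchoenle/actions repository: it scans a workflow file for `uses:` references to TimSchoenle/actions, verifies that the release tag is one listed as supported, and flags references that are not pinned to a full commit SHA (pinning the SHA, with the tag kept in a trailing comment as Renovate does, means a consumer no longer relies solely on this repository's tag protection). The action sub-paths in the sample workflow (`actions/bun/setup-cached` and so on) and the sample SHA are assumptions; only the tag names come from the tables.

```python
"""Audit a GitHub workflow for references to TimSchoenle/actions.

Added example, not part of the TimSchoenle/actions repository. For every
`uses:` line that points at that repository it reports whether the
release tag is one listed as supported and whether the reference is
pinned to a full commit SHA. Action sub-paths in the sample workflow are
assumptions; the tag names are the ones listed in SECURITY.md.
"""
import re
from typing import Dict, List, Optional

# Tag names copied from the "Supported Versions" tables.
SUPPORTED_TAGS = frozenset({
    "actions-bun-setup-cached-v1.1.8",
    "actions-common-close-pull-request-v1.1.0",
    "actions-common-commit-changes-v1.1.4",
    "actions-common-modify-yaml-v1.2.13",
    "actions-common-read-yaml-v1.1.0",
    "actions-common-create-branch-v1.2.0",
    "actions-common-create-pull-request-v1.0.5",
    "actions-common-delete-branch-v1.1.0",
    "actions-common-get-app-git-identity-v1.1.0",
    "actions-common-setup-app-git-identity-v1.1.1",
    "actions-helm-update-chart-version-v1.5.9",
    "actions-helper-verify-branch-name-v1.1.1",
    "actions-helper-resolve-base-branch-v1.1.0",
    "actions-helper-verify-commit-authors-v1.1.16",
    "actions-java-gradle-auto-spotless-v1.1.4",
    "actions-java-gradle-setup-base-environment-v1.2.3",
    "actions-maintenance-auto-approve-pr-v1.1.6",
    "actions-maintenance-ensure-actions-are-executed-v1.1.0",
    "actions-rust-auto-format-v1.1.1",
    "actions-rust-cargo-check-v1.1.1",
    "actions-rust-clippy-v1.1.1",
    "actions-rust-coverage-codecov-v1.1.8",
    "actions-rust-test-v1.1.0",
    "actions-test-setup-e2e-v1.2.1",
    "workflows-maintenance-auto-bun-prettier-v1.1.13",
    "workflows-maintenance-timed-auto-pr-approve-v1.2.14",
    "workflows-maintenance-auto-approve-renovate-v1.4.4",
    "workflows-maintenance-auto-rebase-v1.1.5",
    "workflows-maintenance-wipe-cache-v1.1.6",
})

# Release tags follow <component>-v<major>.<minor>.<patch>.
TAG_RE = re.compile(r"^(?P<component>(?:actions|workflows)-[a-z0-9-]+)-v\d+\.\d+\.\d+$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `uses: owner/repo[/path]@ref [# comment]`, at step level (with "- ") or job level.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<slug>[\w.-]+/[\w.-]+)(?:/(?P<path>[^@\s]+))?@(?P<ref>[^\s#]+)"
    r"\s*(?:#\s*(?P<comment>\S+))?"
)


def _component(tag: str) -> Optional[str]:
    """Strip the version suffix from a release tag to get the component name."""
    m = TAG_RE.match(tag)
    return m.group("component") if m else None


# component name -> supported tags for it, so an unsupported ref can name the fix.
SUPPORTED_BY_COMPONENT: Dict[Optional[str], List[str]] = {}
for _tag in SUPPORTED_TAGS:
    SUPPORTED_BY_COMPONENT.setdefault(_component(_tag), []).append(_tag)


def audit_workflow(workflow_text: str, repo: str = "TimSchoenle/actions") -> List[Dict[str, object]]:
    """Return one finding per `uses:` line that references `repo`.

    Each finding carries the line number, the raw ref, the release tag it
    resolves to (the ref itself, or the trailing comment when the ref is a
    SHA), whether it is SHA-pinned, and a list of problems (empty if clean).
    """
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group("slug") != repo:
            continue
        ref, comment = m.group("ref"), m.group("comment")
        pinned = bool(SHA_RE.match(ref))
        if TAG_RE.match(ref):
            tag: Optional[str] = ref
        elif comment and TAG_RE.match(comment):
            tag = comment  # version recorded next to a SHA pin, Renovate style
        else:
            tag = None
        problems: List[str] = []
        if tag is None:
            problems.append(f"ref '{ref}' is neither a release tag nor a SHA with a version comment")
        elif tag not in SUPPORTED_TAGS:
            supported = SUPPORTED_BY_COMPONENT.get(_component(tag))
            if supported:
                problems.append(f"{tag} is not supported; supported: {', '.join(sorted(supported))}")
            else:
                problems.append(f"{tag} refers to an unknown component")
        if not pinned:
            problems.append("not pinned to a full commit SHA")
        findings.append({"line": lineno, "ref": ref, "tag": tag, "pinned": pinned, "problems": problems})
    return findings


# Constructed sample workflow; action sub-paths and the SHA are made up for the example.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: TimSchoenle/actions/actions/bun/setup-cached@actions-bun-setup-cached-v1.1.8
      - uses: TimSchoenle/actions/actions/rust/clippy@actions-rust-clippy-v1.0.0
      - uses: TimSchoenle/actions/actions/common/commit-changes@0123456789abcdef0123456789abcdef01234567 # actions-common-commit-changes-v1.1.4
      - uses: TimSchoenle/actions/actions/helm/update-chart-version@main
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        status = "ok" if not finding["problems"] else "; ".join(finding["problems"])
        print(f"line {finding['line']}: {finding['ref']} -> {status}")
```

Run against a real `.github/workflows/*.yml` by reading the file into `audit_workflow`; the regex is line-based, so it needs no YAML parser and also catches job-level `uses:` of the reusable workflows listed under "Workflows". Refresh `SUPPORTED_TAGS` from this page whenever the tables change.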

There aren’t any published security advisories