[Feature] Enable Release Immutability GitHub Feature #2728
Description
Is this feature missing in the latest version?
- I'm using the latest release
Is your feature request related to a problem? Please describe.
Our security scanners when using the GitHub Action detect that not having immutable releases is a security vulnerability. Example below (unfortunately the code scanner uses this repository as an example):
Describe the solution you'd like?
Enable release immutability in the settings of this GitHub repository:
Can read more about it here - https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases
Describe alternatives you've considered?
We could switch to referencing commit SHAs as an alternative, but it wouldn't be a nice way for people to easily identify the version of the action currently being used. Enabling release immutability will allow people to quickly check the version of the action they're using.
Anything else?
No response
Code of Conduct
- I agree to follow this project's Code of Conduct