privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
77 Commits 17 Branches 0 Tags
7d5c6d67d61e3c7abecea465a19f193b19e78e1c
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Hugh Hackman 7d5c6d67d6 chore(renovate): enable pinDigests for GitHub Actions SHA pinning 
Adds `pinDigests: true` to the org-wide Renovate config. Renovate will
now automatically pin all GitHub Actions references to full commit SHAs
and keep them updated via weekly PRs.

This implements the supply-chain hardening goal from PRI-731 without
requiring a one-time manual SHA substitution that would quickly become
stale. Renovate handles pin creation and ongoing updates, eliminating
the toil.

The github-actions packageRule is preserved — Renovate will still group
minor/patch action tag updates, and each group PR will include the
corresponding SHA pins.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-22 06:38:02 +00:00
.github
fix(ci): use python3 for pnpm detection instead of node
2026-03-22 05:59:48 +00:00
profile
fix: add kube-vip ArtifactHub badge to org profile README
2026-03-19 00:23:43 +00:00
FUNDING.yml
Add org-wide FUNDING.yml for GitHub Sponsors
2026-03-07 16:12:53 +00:00
LICENSE
chore: add Apache-2.0 LICENSE
2026-03-09 10:21:49 +00:00
README.md
Initial commit
2026-03-07 15:23:04 +00:00
renovate-config.json
chore(renovate): enable pinDigests for GitHub Actions SHA pinning
2026-03-22 06:38:02 +00:00

README.md

.github

Reference in New Issue View Git Blame Copy Permalink
S
Description
Privileged Escalation organization configuration and governance
Readme 2.7 MiB
Languages
Shell 100%