Update Blog “tips-and-tricks-for-using-renovate”

2023-01-17 19:10:37 +00:00 · 2023-01-17 19:10:37 +00:00 · 986066807d
parent 57c677dda0
commit 986066807d
1 changed files with 14 additions and 0 deletions
--- a/content/posts/tips-and-tricks-for-using-renovate.md
+++ b/content/posts/tips-and-tricks-for-using-renovate.md
@ -92,3 +92,17 @@ This is how the relevant configuration might look like with Renovate
 ```

 You can read more about Regex Managers [here](https://docs.renovatebot.com/modules/manager/regex/).
+
+## Making your GitHub Actions usage more secure
+
+According to GitHub's [official recommendations](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions), you should be using exact commit SHAs instead of tags for third-party actions. However, this is a pain to do manually. Instead, allow Renovate to manage it for you!
+
+```json
+{
+  "extends": [
+    "config:base",
+    ":dependencyDashboard",
+    "helpers:pinGitHubActionDigests",
+  ]
+}
+```