The README shows the following example for consuming an immutable action:
Consumers of your action will then be able to specify that version to consume your action from the package, e.g.
This is indistinguishable from the existing syntax for mutable actions, which I assume is for backwards compatibility reasons.
Is there anyway for a consumer or analysis tool to know what security guarantees to expect from an action (e.g. if pinning to a SHA is necessary for immutability)?
The README shows the following example for consuming an immutable action:
This is indistinguishable from the existing syntax for mutable actions, which I assume is for backwards compatibility reasons.
Is there anyway for a consumer or analysis tool to know what security guarantees to expect from an action (e.g. if pinning to a SHA is necessary for immutability)?