Use this GitHub Action as a continuous integration check to ensure that all the actions you depend on are pinned to a SHA

Using arbitary branches for Actions is a risk, but as always it’s a compromise between security and making life easy for ourselves.



pin-github-action allows you to pin to a specific SHA whilst still pointing to a branch or tag