Skip to content

Commit 50618ff

Browse files
Update content/enterprise-onboarding/github-actions-for-your-enterprise/security-hardening-for-github-actions.md
1 parent 4167523 commit 50618ff

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

content/enterprise-onboarding/github-actions-for-your-enterprise/security-hardening-for-github-actions.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -154,7 +154,7 @@ To help mitigate the risk of an exposed token, consider restricting the assigned
154154

155155
## Understanding the risks of untrusted code checkout
156156

157-
Similar to script injection attacks, untrusted pull request content that automatically triggers Actions processing can also pose a security risk. The `pull_request_target` and `workflow_run` workflow triggers, when used with the checkout of an untrusted pull request, expose the repository to security compromises. These workflows are privileged (i.e. they share the same cache of the main branch with other privileged workflow triggers, may have repository write access and access to referenced secrets), which can be exploited to take over a repository.
157+
Similar to script injection attacks, untrusted pull request content that automatically triggers actions processing can also pose a security risk. The `pull_request_target` and `workflow_run` workflow triggers, when used with the checkout of an untrusted pull request, expose the repository to security compromises. These workflows are privileged (i.e. they share the same cache of the main branch with other privileged workflow triggers, may have repository write access and access to referenced secrets), which can be exploited to take over a repository.
158158

159159
Review the [`pull_request_target` trigger documentation](/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target) and the [`workflow_run` trigger documentation](/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow-run) for more information on these triggers, how to use them, and the risks associated with them.
160160

0 commit comments

Comments
 (0)