Repository Action Allow List
The following rule type is available to define an allow list of actions that may be used in a repository's workflows.
stacklok/repo_action_allow_list
- Verifies that the GitHub workflows in a repo only use actions enumerated in the rule.
Ensure that the workflows in a repository only use actions that are allowed in the profile.
Keeping an explicit overview of which actions and reusable workflows a repository may use restricts the code that runs with the workflow's permissions to vetted sources, and so improves the repository's overall security posture.
For more information, see https://docs.github.com/en/rest/actions/permissions#set-allowed-actions-and-reusable-workflows-for-a-repository
Entity
repository
Type
stacklok/repo_action_allow_list
Rule parameters
- None
Rule definition options
The stacklok/repo_action_allow_list rule supports the following options:
actions (array of strings)
- List of actions that are allowed to be used in the repository. Each entry is in the form owner/repo, for example actions/checkout. The entry names the action's repository only; a version tag, branch or commit SHA is not part of it, so any ref of an allowed action is accepted.
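The following is an added illustration of the check this rule type performs; it is not Minder's own implementation, which is not shown on this page. It scans a workflow for `uses:` references, reduces each to its owner/repo (dropping the ref after `@` and any sub-path, so `github/codeql-action/init@v3` and a reusable workflow under `owner/repo/.github/workflows/...` both key on the repository), and reports any reference whose repository is not in the `actions` list. The allow-list values and the sample workflow are constructed for the example; skipping local (`./`) and `docker://` references and comparing repository names case-insensitively are choices made here, not behaviour the page documents for the rule.

```python
"""Example checker for a GitHub Actions allow list keyed on owner/repo."""
from __future__ import annotations

import re
from typing import Iterable, Optional

# Allow list in the rule's format: owner/repo entries, no refs.
# Constructed example values, not a recommended set.
ALLOWED_ACTIONS = [
    "actions/checkout",
    "actions/setup-go",
    "github/codeql-action",
]

# Matches `uses:` at step level ("- uses: x") and at job level for reusable
# workflows ("uses: x"). Line-based so the example needs only the standard
# library; a production checker should walk the parsed YAML instead.
_USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")


def extract_uses(workflow_text: str) -> list[str]:
    """Return every `uses:` reference in a workflow file, in file order."""
    return [m.group(1) for line in workflow_text.splitlines()
            if (m := _USES_RE.match(line))]


def action_repo(ref: str) -> Optional[str]:
    """Reduce a `uses:` reference to the owner/repo the allow list is keyed on.

    Returns None for references that are not GitHub repositories (local
    actions under ./ and docker:// images); this example skips those.
    """
    if ref.startswith("./") or ref.startswith("docker://"):
        return None
    target = ref.split("@", 1)[0]  # drop the tag, branch or commit SHA
    parts = target.split("/")
    if len(parts) < 2:
        return None
    # `owner/repo/subdir@ref` and `owner/repo/.github/workflows/x.yml@ref`
    # both resolve to owner/repo.
    return f"{parts[0]}/{parts[1]}"


def find_disallowed(workflow_text: str, allowed: Iterable[str]) -> list[str]:
    """Return the `uses:` references whose owner/repo is not allow-listed."""
    allowed_set = {a.lower() for a in allowed}  # repo names are case-insensitive
    violations = []
    for ref in extract_uses(workflow_text):
        repo = action_repo(ref)
        if repo is not None and repo.lower() not in allowed_set:
            violations.append(ref)
    return violations


# Constructed sample workflow exercising allowed, local, docker,
# unvetted and reusable-workflow references.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.22'
      - uses: github/codeql-action/init@v3
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - uses: some-org/unvetted-action@main
  release:
    uses: another-org/release-flow/.github/workflows/release.yml@v1
"""

if __name__ == "__main__":
    for ref in find_disallowed(SAMPLE_WORKFLOW, ALLOWED_ACTIONS):
        print(f"disallowed action: {ref}")
```

Running it against the sample reports the unvetted third-party action and the reusable workflow from a repository outside the list, while the pinned version of `actions/checkout` passes regardless of its ref. Because the allow list only constrains which repositories may be used, pinning allowed actions to a commit SHA remains a separate control.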