Show HN: Ghapin – Tool to pin GitHub Actions to SHAs for supply-chain security
Category: devtools
Tags: supply-chain-security, github-actions, ci-cd
Score: 5.5/10 (Innovation: 4, Technical: 4, Documentation: 8, Utility: 6)
Ghapin is a CLI tool that automatically rewrites GitHub Actions workflow references from tags to commit SHAs to improve supply-chain security. It addresses a real security concern in CI/CD pipelines: by making immutable references easy to adopt, it guards against attacks delivered through compromised action tags.
Target audience: devops, backend-devs
Repository: https://github.com/TheDen/ghapin · Go · GPL-2.0 · 1 star