What’s coming to our GitHub Actions 2026 security roadmap - Feedback & Suggestions #190621
Replies: 39 comments 62 replies
-
|
Cool roadmap! Will definitely dive into it. My first reaction (also regarding the dependency locking) : get rid of the whole "commit to a fork is part of the network of the forked repo" so I cannot just create my own sha in e.g. actions/checkout and then pin to that hiding my malicious code :) |
Beta Was this translation helpful? Give feedback.
-
|
Hi |
Beta Was this translation helpful? Give feedback.
-
|
|
Beta Was this translation helpful? Give feedback.
-
|
For could this be built into the PR flow? As a PR creator (or other user with write access to PR head) who modifies a workflow I’d like the ability to run the dependency resolution and them commit the result on top of my commit via web flow. |
Beta Was this translation helpful? Give feedback.
-
|
Do something about "Imposter Commits". Accepting a PR from an apparently good samaritan suggesting to pin your GitHub Actions from tag to commit SHA can be worse than not accepting if they point to |
Beta Was this translation helpful? Give feedback.
-
|
I would love secrets to not just be available to any action (as an environment) but only when explicitly provided using |
Beta Was this translation helpful? Give feedback.
-
|
One big issue I have is that you can't use dependabot to update npm dependencies of your github actions: actions/typescript-action#986 The reply was that this would be fixed with Immutable Actions but after 4 years of development that project seems to have been canned: github/roadmap#592 Immutable Releases does not solve the same issue as Github Action authors still need to commit build artifacts to their repos making it fundamentally incompatible with Dependabot. Any plans on solving this specific pain-point? As it makes keeping the dependencies of the actions themselves practically impossible |
Beta Was this translation helpful? Give feedback.
-
Love this! Also we need the policies here to be quite flexible. —- On a similar note, we need oidc for GitHub apps. |
Beta Was this translation helpful? Give feedback.
-
|
GitHub Actions security currently relies heavily on user awareness and best practices; stronger platform guarantees will really help the community. While pinning actions to full commit SHAs is correctly recommended and does provide immutability of content, it does not guarantee provenance, and this distinction is not well understood. As documented by GitHub, users are expected to verify that a pinned SHA originates from the intended repository and not a fork, but this is easy to miss and not validated by the platform. This creates a gap where a malicious pull request can swap in a commit from a fork without changing the apparent owner/repo reference, undermining the trust model many users assume SHA pinning provides. The solution is to make provenance a first-class concept; an enforced property: ensure that owner/repo@sha resolves only to commits that exist within that repository, or otherwise fail the workflow. In addition, provenance signals should be surfaced directly in pull requests and workflow logs (e.g., indicating when a commit originates from a fork or is being used for the first time), and ideally backed by cryptographic attestation mechanisms. Additional ideas for improvements: include making immutable releases the default rather than optional, enforcing least-privilege permissions for tokens and secrets by default, strengthening environment-based secret scoping, and providing optional network egress controls to detect or prevent data exfiltration. So to wrap it all up, recommend that GitHub update its guidance and messaging to clearly communicate that SHA pinning ensures immutability but not trust, and pair that guidance with automated enforcement and visibility features so that security does not depend on manual verification alone. I hope this is helpful! |
Beta Was this translation helpful? Give feedback.
-
|
I see this as a first step into the right direction. Congrats on that, expect the timing could a bit better. And that is to implement real secrets management with bulk rotation / revocation. I'm having a background in specific areas and worked with GH Enteprise for one customer in the past. |
Beta Was this translation helpful? Give feedback.
-
|
Your approach of using the Actions Data Stream as an immutable source of truth for security investigations is a strong forward-looking solution. By decoupling the audit trail from mutable workflow run logs, you address the core incident response gap exploited in those supply-chain attacks. Knowing that the Data Stream will retain an unalterable record of what ran and what it did provides confidence that forensic analysis won’t be undermined by post-facto log deletion. That said, I wonder if there’s room to layer additional controls on the deletion capability itself, even while preserving legitimate cleanup use cases. For example:
Such measures wouldn’t break existing cleanup workflows (which could adapt to use the new permissions or wait for the retention window) but would raise the bar for attackers attempting to cover their tracks. Combined with the immutable Data Stream, this would create a defense-in-depth posture: the Stream ensures visibility, while stricter deletion controls reduce the likelihood that visibility is lost in the first place. Either way, I’m encouraged that the team is actively tracking this issue and leveraging the Data Stream to mitigate the risk. It’s a thoughtful balance between operational flexibility and security resilience. |
Beta Was this translation helpful? Give feedback.
-
|
Please have a look at Also see a post from Chainguard's CEO regarding that. |
Beta Was this translation helpful? Give feedback.
-
|
I love the idea of rulesets as policies. We've been wanting to find a scalable way to apply policies to workflows (like OPA in CircleCI). Examples:
|
Beta Was this translation helpful? Give feedback.
-
|
Thanks for publishing this roadmap. One additional capability I’d like to see prioritized: an organization/enterprise-level control to require that workflows use only approved runner classes, especially self-hosted or larger/private runners, and explicitly disallow public GitHub-hosted runners across all repositories. Today, we can govern Actions usage, allowed actions, secrets, and self-hosted runner access, but there does not appear to be a native org-wide policy that says “workflows in this org may not use public GitHub-hosted runners.” That leaves enforcement to code review, custom linters, policy-as-code, or repository-by-repository conventions. For organizations treating CI/CD as production infrastructure, runner placement is a security boundary and should be centrally enforceable. Concretely, it would be useful to have:
I’d also like to see more native workflow auditing features. The Actions data stream sounds like a good step, but security teams also need first-class ways to answer questions such as:
Ideally this would be available as native org/enterprise inventory, audit log, API, and exportable reporting — not only as raw workflow YAML that every customer has to crawl and interpret independently. The roadmap items are pointed at the right problem: CI/CD is now part of the production trust boundary. Runner policy and workflow auditability should be treated as core governance primitives alongside dependency locking, scoped secrets, execution protections, and egress controls. |
Beta Was this translation helpful? Give feedback.
This comment was marked as disruptive content.
This comment was marked as disruptive content.
-
|
is there any plan for when node 26 will be available as it bring support for Temporal which could reduce the size or complexity of many actions, and it wouldn't be nice to wait for the next LTS version after v26 as it will release in 2027 |
Beta Was this translation helpful? Give feedback.
-
|
The roadmap items are strong, especially dependency locking, scoped secrets, egress controls, and workflow execution protections. One area I would prioritize is policy evidence for workflow runs. For regulated or security-sensitive repositories, teams need to know not only that a workflow passed, but which dependency lock, allowed-actions policy, secret scope, egress policy, runner image, and approval rule were applied to that run. A useful run-level security receipt could include: workflow file hash, action dependency lock ID, reusable workflow versions, permission set, secret access set, egress policy, triggering actor, approval requirement, runner class, and log-retention state. That would make Actions security much easier to audit and compare across runs. For adoption, dependency locking should also integrate naturally into PR review and Dependabot/Renovate-style update workflows; otherwise teams may bypass it because manual maintenance becomes too heavy. |
Beta Was this translation helpful? Give feedback.
-
|
The part of this roadmap that feels most important for agentic and automation-heavy setups is making the mutation boundary more explicit. A lot of security guidance today is still strongest at ingress (who triggered what, which SHA is pinned, what secret is scoped), but teams also need a clearer model for when a workflow crosses from observation into high-impact action.\n\nThat is why execution protections, richer signals, and better audit streams fit together so well: they help answer not only "what ran?" but "what authority became reachable, and under what conditions?"\n\nEspecially for AI-assisted or semi-autonomous workflows, I think the most valuable future state is one where approval, provenance, policy, and post-hoc evidence line up at the exact boundary where code or automation can mutate the world. |
Beta Was this translation helpful? Give feedback.
-
|
I would love to see more details in the Actions permissions (at least for Enterprise Managed Users). These would include:
I would LOVE to give my developers the ability to fire off a build run, and create a workflow from a template, and edit variables, but NOT be able re-run a build or edit the workflows. Additionally, I would love a way to allow ONLY enterprise workflow templates to be shown in the "Create New Action" window. I admit that these are maybe not features that the general user of GitHub wants, but for Enterprise customers, they would be fantastic!! UPDATE: After further review, GitHub Actions is just not "Enterprise" enough for us. While I would think these are good suggestions for you product, you don't need to do them based on my vote (not that you would have with just one vote). Not that it matters to GitHub, but here are the ways that Actions falls short for us.
|
Beta Was this translation helpful? Give feedback.
-
|
According to the docs, Dependabot Alerts do not fire for SHA-pinned actions:
This should be prioritized, we shouldn't need to choose between pinned SHAs and Dependabot Alerts (for actions which don't yet support immutable releases) |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Love this https://github.blog/changelog/2026-06-18-control-who-and-what-triggers-github-actions-workflows/ But I could not find the "Actions Insights" page to monitor policy violation |
Beta Was this translation helpful? Give feedback.
-
|
For the new Workflow Execution Policy at enterprise level announced from https://github.blog/changelog/2026-06-18-control-who-and-what-triggers-github-actions-workflows/, no way to choose actors?
It works good at org or repo level. |
Beta Was this translation helpful? Give feedback.
-
|
For workflow execution policies I created a few and set them in evaulate mode. I am wondering if there are currently any ogs for this? Is there no view such as repository rulesets' "Insights" or any audit logs? |
Beta Was this translation helpful? Give feedback.
-
|
Hi everyone, quick update from our side 😄 We've expanded the Native Egress Firewall technical preview by granting all users access to the new firewall runner label in audit mode ( If you need access to larger runners, please submit an issue in the repo. A few additional updates:
|
Beta Was this translation helpful? Give feedback.
This comment was marked as low quality.
This comment was marked as low quality.
-
Beta Was this translation helpful? Give feedback.
-
|
To confirm my understanding of workflow execution policies: if I restrict to specific actors, this applies to all workflows, correct? If so, here's a feature request: let me pick which workflows a policy applies to. For example, I'd like to be able to have a repository with many workflows that can be triggered by anybody with write access, but select more sensitive workflows can only be triggered by a specific team. I can work around this today by moving workflows between repositories so the same protection applies to all workflows in a repo, but it would be nice to be more flexible within one repo. |
Beta Was this translation helpful? Give feedback.





Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
We recently published a blog post outlining capabilities GitHub is actively investing in and developing for Actions security:
🔗 Blog post: What’s coming to our GitHub Actions 2026 security roadmap
Capabilities highlighted in the blog:
We'd love your feedback:
Subscribe to this discussion to stay updated as we share more. 🔔
Beta Was this translation helpful? Give feedback.
All reactions