GitHub Actions Security Hub

The GitHub Actions Security Patterns Hub provides a consolidated, authoritative set of production-ready security patterns to protect your CI/CD pipelines from common supply chain and infrastructure attacks. It streamlines the implementation of complex security controls by providing guidance on action pinning, GITHUB_TOKEN permission minimization, OIDC-based secret management, and secure workflow trigger configurations. This skill is essential for DevSecOps teams and developers who need to move beyond basic vendor checklists to implement robust, enterprise-grade security in their GitHub automation.

Key Features

Use Cases