Securing GitHub Actions Workflows When to Use - When GitHub Actions is the CI/CD platform and workflows need hardening against supply chain attacks - When workflows handle secrets, deploy to production, or have elevated permissions - When preventing script injection via untrusted PR titles, branch names, or commit messages - When requiring audit trails and approval gates for workflow modifications - When third-party actions pose supply chain risk through mutable version tags Do not use for securing other CI/CD platforms (see platform-specific hardening guides), for application vulnerability s…