Environment Variables
This page covers how environment variables work in frontend and Node.js projects — naming conventions, the critical distinction between build-time and runtime variables, and how to manage secrets safely in local development, CI/CD, and production. This is the deeper coverage referenced from Web Security Essentials.
GitHub Actions Supply Chain Security
GitHub Actions workflows fetch third-party actions from GitHub repositories. Each "uses:" reference is a dependency, and like npm packages, actions can be compromised, typosquatted, or modified after you pinned the version tag you reference. This page covers the risks and how to address them.