Platform engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in the cloud-native era.

Platform Engineering

What compliance scans to do before putting the 3rd party actions in the allowlist etc?

I think within github organization you have option to control what all 3rd party actions teams can use. In case teams wants to use the actions which are not permitted at org level we can create a submodule into our repo pointing to 3rd party repo under .github/actions. U can refer those in github action yaml by providing proper path to action which is in submodule. This is just work around would love to hear any more suggestions.

Yeah but I’m more interested to know what all compliance check an GitHub Actions admin should follow before allowing those 3rd party actions in the org settings. 