GitHub Actions 2026 security roadmap detailed

GitHub is enhancing its Actions platform with a 2026 security roadmap focused on secure defaults, policy controls, and CI/CD observability. This initiative aims to strengthen the software supply chain by addressing vulnerabilities in CI/CD automation itself, which attackers increasingly target. The plan involves making secure practices the default, empowering teams to become CI/CD security experts. Key areas include managing action dependencies, which are currently non-deterministic and resolved at runtime, often using mutable references like tags and branches. GitHub intends to improve auditability and security by promoting the use of immutable commit SHAs.