mirror of synced 2026-01-07 00:01:39 -05:00

Update content/actions/security-guides/security-hardening-for-github-actions.md

Thanks for the suggestion...

Co-authored-by: Edward Thomson <ethomson@github.com>
This commit is contained in:
Varun Sharma
2022-02-07 12:09:59 -08:00
committed by GitHub
parent 691b0d2d78
commit c842b23ff3


@@ -204,7 +204,7 @@ The same principles described above for using third-party actions also apply to
## Using OpenSSF Scorecards to secure workflows
Scorecards is an automated security tool that flags risky supply chain practices. You can use the Scorecards [GitHub Action](https://github.com/marketplace/actions/ossf-scorecard-action) and [starter workflow](https://github.com/actions/starter-workflows) to follow best security practices. Once configured, the Scorecards Action runs automatically on repository changes, and alerts developers about risky supply chain practices using the built-in code scanning experience. The Scorecards project makes a number of checks, including script injection attacks, token permissions, and pinned Actions.
Scorecards is an automated security tool that flags risky supply chain practices. You can use the [Scorecards action](https://github.com/marketplace/actions/ossf-scorecard-action) and [starter workflow](https://github.com/actions/starter-workflows) to follow best security practices. Once configured, the Scorecards action runs automatically on repository changes, and alerts developers about risky supply chain practices using the built-in code scanning experience. The Scorecards project makes a number of checks, including script injection attacks, token permissions, and pinned actions.
## Potential impact of a compromised runner
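Review bot: the closing sentence of the rewritten paragraph still lists "script injection attacks, token permissions, and pinned actions" as if they were all things Scorecards "makes checks" of, which mixes a risk (script injection) with a control (pinned actions) and leaves "token permissions" ambiguous as to whether broad or narrow permissions are the concern. Since this hunk is already touching that line for the "Action" to "action" capitalization fix, it would be a good moment to make the list parallel, for example "checks for script injection risks, overly permissive token permissions, and unpinned actions", so the reader knows which direction each check flags. The rest of the edit (moving "Scorecards" into the link text and lowercasing "action" to match the surrounding guide) reads correctly.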