pinact
« Back to VersTracker
Description:
Pins GitHub Actions to full hashes and versions
Type: Formula  |  Latest Version: 3.6.0@0  |  Tracked Since: Dec 7, 2025
Links: Homepage  |  GitHub  |  formulae.brew.sh
Stars: 653  |  Forks: 19  |  Language: Go  |  Category: Devops
Tags: github-actions devops security ci-cd automation hash-pin
Install: brew install pinact
About:
Pinact is a CLI tool that automatically updates GitHub Actions workflow files to use pinned versions and full commit hashes. This enhances security and reliability by preventing supply chain attacks and ensuring consistent builds. It scans and modifies workflow YAML files to replace floating version tags with immutable references.
Key Features:
  • Automatically pins GitHub Actions to commit hashes
  • Supports both 'uses' and 'action-ref' patterns
  • Idempotent operations with safe file modification
  • CLI tool written in Go for performance
  • Open source with active maintenance
Use Cases:
  • Securing CI/CD pipelines against malicious action updates
  • Ensuring reproducible builds across environments
  • Compliance with security auditing requirements
  • Automating dependency lock file generation
Alternatives:
  • actions-hash – Similar functionality but less actively maintained
  • Renovate – Broader dependency management, not GitHub Actions specific
  • Dependabot – GitHub-native solution but limited to action updates
Version History
Detected Version Rev Change Commit
Dec 27, 2025 8:18am 3.6.0 0 VERSION_BUMP 08a23716
Dec 7, 2025 2:55am 0 VERSION_BUMP ebdd9353
Sep 16, 2025 11:37am 0 VERSION_BUMP f7272d9d
Dec 30, 2024 1:06am 0 VERSION_BUMP 54d0cad2
« Back to VersTracker  |  Browse Packages  |  About