Harden the CI workflow's supply chain

Solve in your browser

Edit the files below. The Objectives tick green live as you work. Hit Check when they all pass and your verified proof page is issued automatically.

Objectives

  • Every action is pinned to a full commit SHA, not a mutable tag
  • The workflow sets a read-only GITHUB_TOKEN (permissions)
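
One way to check both objectives against a workflow file, as an added example that is not the challenge's own checker. The two workflows are constructed, the 40-hex SHA is a placeholder rather than a real commit, and the function names are hypothetical.

```python
import re

# Constructed workflows; the 40-hex SHA is a placeholder, not a real commit.
WEAK = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@main
"""
HARDENED = """\
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
"""
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.M)
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")

def unpinned_actions(text):
    """Return `uses:` refs that are not pinned to a full 40-hex commit SHA."""
    # Local (./) and docker:// refs are skipped; image digests are out of scope here.
    return [r for r in USES.findall(text)
            if not r.startswith(("./", "docker://")) and not FULL_SHA.search(r)]

def token_is_read_only(text):
    """True if the top-level `permissions:` grants only read/none scopes."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"permissions:\s*(.*?)\s*(?:#.*)?$", line)
        if not m:
            continue
        if m.group(1):  # inline form, e.g. `permissions: read-all`
            return m.group(1) in ("read-all", "{}")
        values = []
        for sub in lines[i + 1:]:
            if sub.strip() and not sub[0].isspace():
                break  # next top-level key ends the block
            body = sub.split("#", 1)[0].strip()
            if body:
                values.append(body.split(":", 1)[-1].strip())
        return bool(values) and all(v in ("read", "none") for v in values)
    return False  # no top-level block: the token falls back to repository defaults
```

The permissions check looks only at the workflow-level block; a job-level `permissions:` that grants write access would need a separate pass.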