GitHub Actions: Fine-tune access to external actions

You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions.

You can limit external actions to just those created by GitHub, those in the Marketplace that were created by verified authors, or a combination
You can optionally list specific external actions. Wildcards, tags, and SHAs enable flexibility and specificity

Learn more about external action policies

For questions please visit the GitHub Actions community forum

To see what's next for GitHub Actions, visit our public roadmap.

JUN.12Retired
GitHub Actions: Minimum version enforcement timeline for self-hosted runners
- Actions
JUN.11Improvement
Bot-created pull requests can run workflows if approved
- Actions
JUN.11Release
GitHub Agentic Workflows is now in public preview
- Actions
JUN.11Release
New runner images in public preview
- Actions
MAY.14Improvement
GitHub Actions: Upcoming image migrations
- Actions
MAY.7Improvement
GitHub Actions concurrency groups now allow larger queues
- Actions
APR.27Improvement
Copilot cloud agent starts 20% faster with Actions custom images
- Actions
APR.27Release
GitHub Copilot code review will start consuming GitHub Actions minutes on June 1, 2026
- Actions
APR.24Improvement
Notice about upcoming new format for GitHub App installation tokens
- Actions

GitHub Actions: Fine-tune access to external actions

Related Posts

Subscribe to our developer newsletter