github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/RENOVATE.md

# Renovate Best Practices and SLSA-GitHub-Generator

Renovate helps users enforce security best practices when continuously upgrading GitHub Actions.

Renovate provides a configuration snippet, which is used by most GitHub projects, to [automatically pin dependencies using the digest](https://docs.renovatebot.com/presets-helpers/#helperspingithubactiondigests) instead of git tags: `helpers:pinGitHubActionDigests`.

To add an exception to this rule for slsa-github-generator, add the following package rule to your `renovate.json` config.

```json
"packageRules": [
  {
    "matchManagers": ["github-actions"],
    "matchPackageNames": ["yogeshkumararora/slsa-github-generator"],
    "pinDigests": false
  }
]
```

This lets you receive upgrades for the generator while keeping the tagged version.
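The following check is an added example, not part of the original README or the project's code: it audits workflow `uses:` references against the policy described above, requiring a full commit digest everywhere except the generator, which must stay on a tag. The sample workflow, its digest, the `v1.10.0` tag and the function name `audit_workflow` are constructed for illustration.

```python
import re

# Assumption: package name taken from the package rule above; workflows are read as plain text.
EXEMPT = "yogeshkumararora/slsa-github-generator"
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (line_no, ref, problem) for every `uses:` that breaks the policy."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        target, _, version = ref.partition("@")
        repo = "/".join(target.split("/")[:2])  # drop any sub-path to a workflow file
        pinned = bool(FULL_SHA.fullmatch(version))
        if repo.lower() == EXEMPT:
            # The exception: the generator keeps its tag and is never digest-pinned.
            if pinned or not version:
                findings.append((no, ref, "generator must stay on a tag"))
        elif not pinned:
            findings.append((no, ref, "not pinned to a full commit digest"))
    return findings


# Constructed sample workflow (digest and versions are made up).
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v3.5.0
      - uses: actions/setup-go@v5
  provenance:
    uses: yogeshkumararora/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
"""

if __name__ == "__main__":
    for no, ref, problem in audit_workflow(SAMPLE):
        print(f"line {no}: {ref}: {problem}")
```
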