You can enable, disable, and limit GitHub Actions for an organization.| GitHub Docs
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.| wiz.io
tj-actions/changed-files| www.stepsecurity.io
| semgrep.dev