Finding Unpinned and Unpinnable GitHub Actions Across Your Org
This article explains how to identify unpinned (floating) and unpinnable GitHub Actions across an organization. A workflow step that references an action by tag or branch (`actions/checkout@v4`, `some-org/action@main`) runs whatever commit that ref points to at execution time, so the code running in CI can change without any change to the workflow; only a full commit SHA is immutable. Unpinnable actions are those whose own dependencies (such as a composite action's inner `uses:` steps or a mutable container image tag) stay floating even when the calling workflow pins the action itself to a SHA. The article provides methods and tooling to detect both classes across an org's repositories, improving supply-chain security and reproducibility of CI/CD pipelines.
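As an added example (not the article's own tooling), the following Python script shows the core check such a scanner performs on a single workflow file: it extracts every `uses:` reference and classifies it as SHA-pinned, floating (tag or branch), a mutable Docker image tag, or a local path. The sample workflow is constructed for this example, and the 40-hex SHA in it is a placeholder, not a real commit. The script does not follow an action into its own dependencies, so it detects unpinned references only; finding unpinnable actions requires inspecting the referenced action's `action.yml` the same way.

```python
import re
from pathlib import Path
from typing import List, Tuple

# Matches a `uses:` step reference, with an optional list dash and optional quotes,
# and stops before any trailing comment such as `# v4.1.0`.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)["\']?')
# Only a full 40-hex commit SHA is immutable; short SHAs are treated as floating.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def classify_uses(ref: str) -> str:
    """Classify one `uses:` reference.

    Returns 'local', 'docker', 'sha', 'floating' or 'unversioned'.
    """
    if ref.startswith('./'):
        return 'local'          # path inside the calling repo; moves with the checked-out commit
    if ref.startswith('docker://'):
        # docker://image:tag is mutable; docker://image@sha256:<digest> is not
        return 'sha' if '@sha256:' in ref else 'docker'
    if '@' not in ref:
        return 'unversioned'    # GitHub rejects this form, but report it instead of crashing
    _, _, version = ref.rpartition('@')
    if SHA_RE.match(version):
        return 'sha'
    return 'floating'           # tag or branch name: resolved at run time


def find_unpinned(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, ref, kind) for every reference that is not pinned to a digest."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        kind = classify_uses(ref)
        if kind in ('floating', 'docker', 'unversioned'):
            findings.append((lineno, ref, kind))
    return findings


def scan_repo(repo_root: str) -> List[Tuple[str, int, str, str]]:
    """Scan every workflow file under .github/workflows in a checked-out repository."""
    results = []
    for path in sorted(Path(repo_root).glob('.github/workflows/*.y*ml')):
        for lineno, ref, kind in find_unpinned(path.read_text()):
            results.append((str(path), lineno, ref, kind))
    return results


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4.1.0
      - uses: actions/setup-node@v4
      - uses: "some-org/lint-action@main"
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - name: run
        run: echo hi
"""

if __name__ == '__main__':
    for lineno, ref, kind in find_unpinned(SAMPLE_WORKFLOW):
        print(f'line {lineno}: {ref} ({kind})')
```

Run `scan_repo` over each clone of an org's repositories to get the org-wide view; the `docker` and `floating` kinds are the ones to pin, and a `sha` result for a third-party action still says nothing about what that action pulls in internally.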