https://stg.elyclover.com/categories/ghes/Recent content in GHES on Ely CloverHugo -- gohugo.ioen-uskevin@elyclover.com (Kevin Holmes)kevin@elyclover.com (Kevin Holmes)© 2026 Kevin HolmesFri, 28 Jul 2023 10:00:00 +0000https://stg.elyclover.com/posts/governance-of-3rd-party-gh-actions/Fri, 28 Jul 2023 10:00:00 +0000kevin@elyclover.com (Kevin Holmes)https://stg.elyclover.com/posts/governance-of-3rd-party-gh-actions/<p>After spending a few years using GitHub Actions in Open Source, Commercial, and FedRamp environments, I wanted to share some of my takeaways for a few options on how to provide governance over what Actions you allow to be used within your self-hosted GHES and Actions runner instances. This article will focus on government or commercial users self-hosting source code (GHES) and the Actions runners in their secured environments.</p> <p>There are two paths if you boil this down:</p>