Enhancing Security with Bullfrog's 'enable-sudo' Option
We are pleased to introduce the enable-sudo option, a powerful enhancement to Bullfrog that offers improved control over sudo command execution in GitHub Actions workflows.
Understanding enable-sudo
The enable-sudo input allows developers to disable the execution of commands requiring sudo privileges within workflows. This capability enhances your ability to secure workflows against potential vulnerabilities introduced by third-party code.
Using enable-sudo
To integrate the enable-sudo option into your workflow configuration, simply include it in your step setup. Here’s an example:
- uses: bullfrogsec/bullfrog@<sha1>
  with:
    allowed-ips: # Your allowed IPs
    allowed-domains: # Your allowed domains
    dns-policy: "allowed-domains-only" # Your DNS policy
    egress-policy: "audit" # Your egress policy
    enable-sudo: false # Disable sudo commands
In this example, setting enable-sudo: false ensures that no sudo commands can be executed during the workflow, thereby strengthening security measures.
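One way to audit workflow files for this setting, as an added example that is not part of Bullfrog or of the original post: it scans workflow text line by line (no YAML library) for bullfrogsec/bullfrog steps and reports whether each is pinned to a full commit SHA and sets enable-sudo: false. The function name, the sample workflow, and treating an unset enable-sudo as sudo left available are assumptions.

```python
import re

USES = re.compile(r"^(\s*)(-\s+)?uses:\s*['\"]?bullfrogsec/bullfrog@([^\s'\"#]+)")
SUDO = re.compile(r"^\s*enable-sudo:\s*['\"]?(\w+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def audit_workflow(text):
    """Return one finding per Bullfrog step found in a workflow file's text."""
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        m = USES.match(line)
        if not m:
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")  # column of the step's keys
        start, end = i, i + 1
        # Walk back to the "- " line opening the step (uses: need not be its first key).
        while not m.group(2) and start > 0 and (
                not lines[start].strip() or _indent(lines[start]) >= key_col):
            start -= 1
        # Walk forward over lines indented at least as deep as the step's keys.
        while end < len(lines) and (
                not lines[end].strip() or _indent(lines[end]) >= key_col):
            end += 1
        values = [s.group(1).lower() for s in map(SUDO.match, lines[start:end])
                  if s and _indent(s.string) > key_col]
        ref = m.group(3)
        findings.append({"line": i + 1, "ref": ref,
                         "pinned_to_sha": bool(FULL_SHA.match(ref)),
                         # Assumption: an unset enable-sudo leaves sudo available.
                         "sudo_disabled": values == ["false"]})
    return findings

# Constructed sample workflow (the commit SHA is a made-up placeholder).
SAMPLE = """\
jobs:
  hardened:
    steps:
      - uses: bullfrogsec/bullfrog@0123456789abcdef0123456789abcdef01234567
        with:
          enable-sudo: false # Disable sudo commands
  loose:
    steps:
      - name: Bullfrog
        uses: bullfrogsec/bullfrog@main
        with:
          egress-policy: "audit"
"""
```

Running audit_workflow over each file in .github/workflows and failing the build on any finding with sudo_disabled set to False turns the setting into an enforced policy rather than a per-workflow convention.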