Do the Actions follow all GitHub security best practices?
Are the Actions maintained in the long term?
Are the Actions' dependencies vulnerability-free?
Are the Actions reliable?
Can the solution detect SolarWinds- and Codecov-style security attacks that apply only to CI/CD?
Can the solution prevent SolarWinds- and Codecov-style CI/CD security attacks?
Can the solution harden the CI/CD environment to reduce the attack surface?
Can the solution provide CI/CD-specific forensics capabilities?