👋 Hi there!

We're the Package Security team at GitHub. We recently staff shipped immutable releases, a feature designed to improve supply chain security by preventing modifications to published releases.

We noticed that codeql-action is actively using GitHub Releases, and wanted to ask if you'd consider enabling immutability for your releases. This can be done with a simple checkbox in your repository's Settings > General > Enable release immutability.

If you have any concerns, blockers, or reasons for not enabling this feature, we'd love to hear about them! Your feedback helps us better understand real-world needs and improve our offerings.

For more details or discussion, please see: https://github.com/github/security-products/discussions/1883

Thanks for helping keep the ecosystem secure!