<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="wordpress.com" -->
<urlset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"
	xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
	xmlns:news="http://www.google.com/schemas/sitemap-news/0.9"
	xmlns:image="http://www.google.com/schemas/sitemap-image/1.1"
	>
<url><loc>https://digital-business.blog/2026/07/10/third-party-actions-pinnen-warum-sha-statt-tag-und-was-eine-allowlist-bringt/</loc><news:news><news:publication><news:name>Dein Blog zum Thema digitales Business</news:name><news:language>de</news:language></news:publication><news:publication_date>2026-07-10T06:50:27+00:00</news:publication_date><news:title>Third-Party Actions pinnen: warum SHA statt Tag und was eine Allowlist bringt</news:title><news:keywords>CI/CD, GitHub Actions, Supply Chain Security, Dependabot, SHA-Pinning</news:keywords></news:news></url><url><loc>https://digital-business.blog/2026/07/09/runner-sicherheit-warum-self-hosted-runner-ein-eigenes-risiko-sind/</loc><news:news><news:publication><news:name>Dein Blog zum Thema digitales Business</news:name><news:language>de</news:language></news:publication><news:publication_date>2026-07-09T06:26:20+00:00</news:publication_date><news:title>Runner-Sicherheit: Warum Self-hosted Runner ein eigenes Risiko sind</news:title><news:keywords>GitHub Actions, GitSecOps, Self-hosted Runner, CI/CD-Sicherheit</news:keywords></news:news></url></urlset>
