From 80bbe23ad546e64fcaa07d6f3da67fbd10bd62c0 Mon Sep 17 00:00:00 2001 From: Hiroshi Sugawara <5000164@users.noreply.github.com> Date: Tue, 16 Jul 2024 18:17:01 +0900 Subject: [PATCH] docs: Add note to pin Docker image by its digest for enhanced security --- docs/docs/installation/github.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/docs/installation/github.md b/docs/docs/installation/github.md index 38339d94..70c691d3 100644 --- a/docs/docs/installation/github.md +++ b/docs/docs/installation/github.md @@ -38,6 +38,16 @@ if you want to pin your action to a specific release (v0.23 for example) for sta ... ``` +For enhanced security, you can also specify the Docker image by its digest: +```yaml +... + steps: + - name: PR Agent action step + id: pragent + uses: docker://codiumai/pr-agent@sha256:14165e525678ace7d9b51cda8652c2d74abb4e1d76b57c4a6ccaeba84663cc64 +... +``` + 2) Add the following secret to your repository under `Settings > Secrets and variables > Actions > New repository secret > Add secret`: ```
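Review bot: The added sentence "For enhanced security, you can also specify the Docker image by its digest:" does not say which release the hard-coded digest in the `uses: docker://codiumai/pr-agent@sha256:` line belongs to, so a reader cannot check the value against a published release or tell when it has gone stale. The section just above uses v0.23 as its example release; name the release this digest corresponds to, and say that the reader should look up the digest for the release they want rather than copy this one. It would also help to add one sentence on why this is safer: a tag can be repointed to a different image, while a digest identifies fixed image content, which also means the workflow gets no updates until the digest is changed by hand. Style point: add a blank line between the new sentence and the opening ```yaml fence so that the block renders consistently across Markdown renderers.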