Founder of Depot here. We provide faster and more reliable GitHub Actions runners (as well as other build performance services) at half the cost of GitHub [0]

[0] https://depot.dev/

Is there a write up on the security of actions or equivalent that explains how they are secure both with direct and transitive dependencies? If this applies to Depot.

Ah got it, thanks. I thought there was another kind of GitHub runner (like their "large" runners) that I hadn't heard of.