As part of the Haskell Security Response Team (SRT), we have worked on writing a guide on how to secure GitHub repositories to prevent supply chain compromises and unwanted code from getting into the repository (relatively similar to the recent xz attack).
You can find the guide on SRT’s GitHub repository. We plan to add more guides in the future as well as update current ones based on feedback.