Add permissions to workflows at the issue level #507

Open
kjaymiller opened this issue Oct 5, 2024 · 0 comments
Actions should have issue

Why

We have settings that allow for actions to create Pull Requests against our code using GitHub Actions.

Setting restrictions only where they are needed, and setting actions to read otherwise, will reduce the action space in which this can be applied.

Remediation:

Set top-level permissions as read-all or contents: read as described in GitHub's documentation.

Set this if GITHUB_TOKEN is not being used.

Set any required write permissions at the job-level. Only set the permissions required for that job; do not set permissions: write-all at the job level.

For actions where GITHUB_TOKEN is being used, we need to set the permissions in the job where it is required.

To help determine the permissions needed for your workflows, you may use StepSecurity's online tool by ticking the "Restrict permissions for GITHUB_TOKEN". You may also tick the "Pin actions to a full length commit SHA" to fix issues found by the Pinned-dependencies check.
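
An added example, not taken from the issue or from this project's workflows: a workflow with a read-only top-level `permissions` block and write scopes granted only to the one job that opens a pull request. The workflow, job, branch and file names are hypothetical, and `main` is assumed to be the default branch.

```yaml
# Constructed example; workflow, job, branch and file names are hypothetical.
name: example-scoped-permissions

on:
  workflow_dispatch:

# Top-level default: every job gets a read-only GITHUB_TOKEN unless it overrides this.
permissions:
  contents: read

jobs:
  test:
    # No job-level block, so this job inherits contents: read and nothing else.
    runs-on: ubuntu-latest
    steps:
      # Tag shown for readability; the Pinned-Dependencies check expects a full-length commit SHA.
      - uses: actions/checkout@v4
      - run: echo "run the test suite here"

  open-pr:
    runs-on: ubuntu-latest
    # A job-level block replaces the top-level one for this job only.
    # Scopes not listed here are set to none.
    permissions:
      contents: write        # push the new branch
      pull-requests: write   # open the pull request
    steps:
      - uses: actions/checkout@v4
      - name: Commit a change and open a pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # read by the gh CLI
          BRANCH: automated/update-${{ github.run_id }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git switch -c "$BRANCH"
          date -u > last-run.txt
          git add last-run.txt
          git commit -m "Automated update"
          git push --set-upstream origin "$BRANCH"
          gh pr create --fill --base main   # assumes the default branch is main
```

With this layout, a compromised step in the `test` job holds a token that can only read repository contents; only `open-pr` can push or create pull requests.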
