Actions should have issue
Why
We have settings that allow for actions to create Pull Requests against our code using GitHub Actions.
Setting restrictions only where they are needed, and setting actions to read otherwise, will reduce the action space in which this can be applied.
Remediation:
Set top-level permissions as read-all or contents: read as described in GitHub's documentation.
Set this if GITHUB_TOKEN is not being used.
Set any required write permissions at the job-level. Only set the permissions required for that job; do not set permissions: write-all at the job level.
For actions where GITHUB_TOKEN is being used, we need to set the permissions in the job where it is required.
To help determine the permissions needed for your workflows, you may use StepSecurity's online tool by ticking the "Restrict permissions for GITHUB_TOKEN". You may also tick the "Pin actions to a full length commit SHA" to fix issues found by the Pinned-dependencies check.
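As an added example (not text from this issue, from the repository in question, or from Scorecard's own documentation), here is a hypothetical workflow that opens a dependency-update pull request, shown twice in one block: first with a workflow-level write-all grant, then restructured the way the remediation above describes, with a read-only top-level token and the two write scopes granted only to the job that pushes a branch and opens the PR. The workflow name, the cron schedule, the branch name and the two helper scripts are placeholders; the two YAML documents would live in separate files in a real repository, they are separated by `---` here only so the weak and remediated forms can be compared side by side.

```yaml
# BEFORE (weak): every job in this workflow receives a GITHUB_TOKEN that can
# write to every scope, including the job that only runs tests.
name: update-deps
on:
  schedule:
    - cron: "0 3 * * 1"         # placeholder schedule
permissions: write-all          # Scorecard's Token-Permissions check flags this
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./run-tests.sh     # placeholder script
  open-pr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./bump-deps.sh     # placeholder script that edits lockfiles
      - run: |
          git checkout -b deps/update
          git commit -am "chore: update dependencies"
          git push origin deps/update
          gh pr create --fill
        env:
          GH_TOKEN: ${{ github.token }}
---
# AFTER (remediated): the top-level token is read-only. Naming any scope at
# the workflow level sets every unnamed scope to none, so the test job ends
# up with contents: read and nothing else. Only the job that pushes a branch
# and opens the PR is granted the two write scopes it actually needs.
name: update-deps
on:
  schedule:
    - cron: "0 3 * * 1"
permissions:
  contents: read                # workflow-level default inherited by every job
jobs:
  test:
    runs-on: ubuntu-latest      # inherits contents: read only
    steps:
      - uses: actions/checkout@v4   # Pinned-dependencies would want a full commit SHA here
      - run: ./run-tests.sh
  open-pr:
    runs-on: ubuntu-latest
    permissions:                # job-level grant; never write-all here
      contents: write           # needed to push the deps/update branch
      pull-requests: write      # needed for gh pr create
    steps:
      - uses: actions/checkout@v4
      - run: ./bump-deps.sh
      - run: |
          git checkout -b deps/update
          git commit -am "chore: update dependencies"
          git push origin deps/update
          gh pr create --fill
        env:
          GH_TOKEN: ${{ github.token }}
```

Two points worth checking when applying this to a real workflow. First, because a workflow-level `permissions` block that names any scope zeroes the rest, a job that later needs, say, `issues: write` will fail with a 403 until that scope is added at the job level; run the workflow once after the change and read the API errors rather than assuming the remaining scopes. Second, a pull request opened with GITHUB_TOKEN does not trigger other workflows' `pull_request` events; that is GitHub's intended behaviour, not a permissions problem, so keep it in mind before reaching for a broader token to "fix" it.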