All GitHub workflows should be reviewed and updated to explicitly set only the permissions required for each job or workflow. This will help improve security and follow GitHub best practices.
Tasks:
- Audit all workflow files in the repository (.github/workflows).
- Set the `permissions` key at the workflow or job level, specifying only the permissions needed (e.g., `contents: read`, `issues: write`, etc.).
- Remove any unnecessary or overly broad permissions.
- Test workflows to ensure they continue to function as expected.
Refer to GitHub documentation on workflow permissions for guidance.
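
One way to start the audit task above, as an added example (not code from this repository or from GitHub): a standard-library Python check that flags jobs with no `permissions` key at either level and any `write-all` grant. The function names and the sample workflow are constructed for illustration, and the line-based parsing assumes block-style YAML with `jobs:` at column 0.

```python
import re
from pathlib import Path

KEY = re.compile(r"^(\s*)([\w-]+):\s*(.*)$")
# Constructed sample: one job with no permissions key, one granting write-all.
SAMPLE = "on: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n  triage:\n    permissions: write-all\n"

def audit_workflow(text):
    """Return findings for one workflow file. Line-based, so it assumes
    block-style YAML with `jobs:` at column 0 (no flow-style mappings)."""
    findings, top_perms, in_jobs = [], False, False
    job_indent = key_indent = current = None
    jobs = {}  # job id -> True if the job sets its own permissions key
    for raw in text.splitlines():
        if raw.strip().startswith("#"):
            continue
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:  # list items ("- uses: ...") and scalars are skipped
            continue
        indent, name, value = len(m.group(1)), m.group(2), m.group(3).strip("'\"")
        broad = name == "permissions" and value == "write-all"
        if indent == 0:
            in_jobs = name == "jobs"
            if name == "permissions":
                top_perms = True
                if broad:
                    findings.append("workflow: permissions is write-all")
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:  # a new job id
                current, key_indent = name, None
                jobs[current] = False
            elif current is not None:
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent and name == "permissions":
                    jobs[current] = True
                    if broad:
                        findings.append(f"job {current}: permissions is write-all")
    if not top_perms:  # jobs inherit a workflow-level key when one is set
        findings += [f"job {j}: no permissions key at job or workflow level"
                     for j, has in jobs.items() if not has]
    return findings

def audit_repo(root="."):
    """Audit every workflow file under <root>/.github/workflows."""
    wf = Path(root) / ".github" / "workflows"
    files = sorted(list(wf.glob("*.yml")) + list(wf.glob("*.yaml")))
    return {str(f): audit_workflow(f.read_text()) for f in files}
```

Calling `audit_repo()` from the repository root returns a mapping of workflow file to findings; an empty list means every job is covered by an explicit `permissions` key.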