Skip to content
test-scan-apk

Limit GITHUB_TOKEN permissions #26

Sign in to view logs

Limit GITHUB_TOKEN permissions

Limit GITHUB_TOKEN permissions #26

Workflow file for this run

.github/workflows/test-scan-apk.yaml at b5cdf8f
name: test-scan-apk
on: [pull_request]
permissions:
contents: read
jobs:
test-unpinned:
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: ./scan-apk
id: scan
with:
package: ko
- run: echo ${{ steps.scan.outputs.vuln-count }}
test-pinned:
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: ./scan-apk
id: scan
with:
package: ko=0.13.0-r4
- run: echo ${{ steps.scan.outputs.vuln-count }}
test-alpine:
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: ./scan-apk
id: scan
with:
repositories: https://dl-cdn.alpinelinux.org/alpine/edge/main
keyring: ""
package: busybox
- run: echo ${{ steps.scan.outputs.vuln-count }}