Set permissions for GitHub actions #4855

Merged

nathannaveen
Contributor

Restrict the GitHub token permissions to only the required ones; this way, even if attackers succeed in compromising your workflow, they won't be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
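
The restriction this pull request describes, as an added example that is not code from the pull request or the project: two constructed workflows (steps omitted) and a hypothetical `audit_permissions` helper that flags jobs left on the repository's default token permissions. It assumes block-style YAML with 2-space indentation.

```python
import re

# Constructed sample workflows, trimmed to the relevant keys (steps omitted).
WEAK = """\
name: tests
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
"""
HARDENED = """\
name: tests
on: [push, pull_request]
permissions:
  contents: read            # read-only default for every job
jobs:
  test:
    runs-on: ubuntu-latest
  labeler:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write  # job-level grant for the one job that needs it
"""

def audit_permissions(workflow_text):
    """Return findings; an empty list means no job relies on the default token."""
    # Assumption: 2-space block YAML. A production audit should use a YAML parser.
    lines = [l.rstrip() for l in workflow_text.splitlines()]
    lines = [l for l in lines if l.strip() and not l.lstrip().startswith("#")]
    findings = []
    top = [l for l in lines if l.startswith("permissions:")]
    if any(l.split(":", 1)[1].strip() == "write-all" for l in top):
        findings.append("top-level permissions is write-all")
    jobs, current, in_jobs = {}, None, False
    for line in lines:
        if not line.startswith(" "):          # a new top-level key
            in_jobs = line.startswith("jobs:")
        elif in_jobs:
            job = re.match(r"  ([A-Za-z_][\w-]*):", line)
            if job:                           # job id at 2-space indent
                current = job.group(1)
                jobs[current] = False
            elif current and line.startswith("    permissions:"):
                jobs[current] = True          # job-level override present
    if not top:                               # no workflow-wide restriction
        findings += [f"job '{j}' has no permissions block"
                     for j, covered in jobs.items() if not covered]
    return findings
```
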
@javierm javierm self-assigned this Jun 13, 2022
@javierm javierm added this to Reviewing in Consul Democracy via automation Jun 13, 2022
Member

@javierm javierm left a comment

@nathannaveen Thanks! Appreciate it 😉.

Consul Democracy automation moved this from Reviewing to Testing Aug 3, 2022
@javierm javierm merged commit f388e1f into consuldemocracy:master Aug 3, 2022
Consul Democracy automation moved this from Testing to Release 1.6.0 Aug 3, 2022
@javierm javierm changed the title chore: Set permissions for GitHub actions Set permissions for GitHub actions Nov 1, 2022