Set up permissions for Github Workflows #411

Closed
joycebrum opened this issue Feb 24, 2023 · 0 comments · Fixed by #412
Comments

joycebrum (Contributor) commented:

Hi, I'm from Google and the OpenSSF, and I'm working on improving supply-chain security on many open source projects.

I would like to suggest setting the GITHUB_TOKEN permissions of your workflows to read-only at the top level and granting any write permission needed at the job level.

It is the default behavior of GitHub workflows to grant write permissions to all permission types, thus it is a recommendation from both OpenSSF Scorecard and GitHub to always use credentials that are minimally scoped.

I'll send a PR just to show what the changes are about, but feel free to reach out to me in case of any doubts or concerns about it, and I hope I can help ffms2 to increase its supply-chain security even more.

joycebrum changed the title from "Se up permissions for Github Workflows" to "Set up permissions for Github Workflows" on Feb 24, 2023.
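The pattern the issue asks for, as an added illustration that is not the content of PR #412 and not an ffms2 workflow: a top-level `permissions:` block that drops the GITHUB_TOKEN to read-only for every job, with the one write scope a single job needs granted on that job alone. The workflow name, the `make` build step, and the tag-driven release job are assumptions made for the example; only the `permissions` keys and the behaviour described in the comments are GitHub Actions semantics.

```yaml
# Added example (not from the original issue or PR #412).
#
# Before the change, a workflow like this had no `permissions:` key at all,
# so every job's GITHUB_TOKEN received the repository default, which grants
# write access on all scopes. A compromised dependency or action in any step
# could then push commits, create releases, or edit issues with that token.

name: build-and-release          # assumed workflow name
on:
  push:
    branches: [master]
    tags: ['v*']
  pull_request:

# Top-level default for every job: read-only on all scopes. Any job that
# does not declare its own `permissions:` inherits exactly this.
permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest
    # No `permissions:` here, so this job can only read the repository.
    steps:
      - uses: actions/checkout@v3
      - run: make                # assumed build step

  release:
    # Only runs for version tags, and only after the build job succeeded.
    if: startsWith(github.ref, 'refs/tags/v')
    needs: build
    runs-on: ubuntu-latest
    # Job-level permissions REPLACE the top-level set rather than merging
    # with it: every scope not listed here becomes `none`. List exactly
    # what this job needs and nothing more.
    permissions:
      contents: write            # required to create the release
    steps:
      - uses: actions/checkout@v3
      - run: make                # assumed build step producing dist/
      - run: gh release create "$GITHUB_REF_NAME" dist/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

With this layout the token handed to the `build` job (which runs on every pull request, including ones from forks) cannot modify anything in the repository, while the `release` job still has the one write scope it needs. OpenSSF Scorecard's Token-Permissions check flags workflows that lack a top-level read-only default, which is the condition this change addresses.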