Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Set permissions for GitHub actions #5990

Merged
merged 1 commit into from Apr 28, 2022
Merged

chore: Set permissions for GitHub actions #5990

merged 1 commit into from Apr 28, 2022

Conversation

neilnaveen
Copy link
Contributor

@neilnaveen
chore: Set permissions for GitHub actions
257ea55 
 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
@neilnaveen neilnaveen requested a review from a team as a code owner April 17, 2022 15:51
@netlify
Copy link

netlify bot commented Apr 17, 2022
edited

Deploy Preview for chef-inspec canceled.

Name Link
🔨 Latest commit 257ea55
🔍 Latest deploy log https://app.netlify.com/sites/chef-inspec/deploys/625c377b0f37620008919c63

@chef-expeditor
Copy link
Contributor

Hello neilnaveen! Thanks for the pull request!

Here is what will happen next:

  1. Your PR will be reviewed by the maintainers.
  2. Possible Outcomes
    a. If everything looks good, one of them will approve it, and your PR will be merged.
    b. The maintainer may request follow-on work (e.g. code fix, linting, etc). We would encourage you to address this work in 2-3 business days to keep the conversation going and to get your contribution in sooner.
    c. Cases exist where a PR is neither aligned to Chef InSpec's product roadmap, or something the team can own or maintain long-term. In these cases, the maintainer will provide justification and close out the PR.

Thank you for contributing!

@clintoncwolfe clintoncwolfe merged commit cb0a6c8 into inspec:main Apr 28, 2022
chef-expeditor bot pushed a commit that referenced this pull request Apr 28, 2022
@chef-ci
Update CHANGELOG.md with details from pull request #5990
a50ab3d 
Obvious fix; these changes are the result of automation not creative thinking.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clintoncwolfe clintoncwolfe Awaiting requested review from clintoncwolfe clintoncwolfe is a code owner automatically assigned from inspec/inspec-core-team

@Vasu1105 Vasu1105 Awaiting requested review from Vasu1105 Vasu1105 is a code owner automatically assigned from inspec/inspec-core-team

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@neilnaveen @clintoncwolfe