Related issue submitted to SLF4J/logback projects by @varunsh-coder Varun Sharma varunsh@stepsecurity.io
GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows.
See:
GitHub Actions: Control permissions for GITHUB_TOKEN
About the GITHUB_TOKEN secret
The Open Source Security Foundation (OpenSSF) Scorecards treats not setting token permissions as a high-risk issue
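
An added example, not taken from the issue or from the SLF4J/logback repositories, showing what minimum GITHUB_TOKEN permissions look like in a workflow file. The workflow name, job names, build command and Java version are assumptions chosen for illustration.

```yaml
# Constructed example workflow (.github/workflows/build.yml).
# Without any `permissions` key, GITHUB_TOKEN gets the repository or
# organization default, which can include write access to many scopes.
name: build

on:
  push:
  pull_request:

# Top-level default for every job: read-only access to repository contents.
# Once `permissions` is set, every scope not listed here is set to `none`.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Inherits the top-level block: the token can read the repo, nothing else.
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '11'
      - run: mvn -B verify

  release:
    # Hypothetical job that needs more than the default.
    if: startsWith(github.ref, 'refs/tags/')
    needs: build
    runs-on: ubuntu-latest
    # Job-level block replaces the top-level one for this job only,
    # so the write scope is not granted to the build job above.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
```

Keeping the write scope on the single job that needs it means a compromised dependency or action running in `build` only ever sees a read-only token.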