From ab0b5b664324a1e3389da8693b7c0ae76f780dfb Mon Sep 17 00:00:00 2001 From: Rohit Date: Wed, 7 Sep 2022 20:59:14 +0530 Subject: [PATCH 01/22] KB-added --- .../dbelyaev/action-checkstyle/action-security.yml | 6 ++++++ knowledge-base/actions/dwenegar/action-security.yml | 8 ++++++++ .../sonarsource/sonarqube-scan-action/action-security.yml | 2 ++ 3 files changed, 16 insertions(+) create mode 100644 knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml create mode 100644 knowledge-base/actions/dwenegar/action-security.yml create mode 100644 knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml diff --git a/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml new file mode 100644 index 000000000..6cba719f0 --- /dev/null +++ b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml @@ -0,0 +1,6 @@ +name: Checkstyle for Java GitHub Action"" +github-token: + action-input: + input: github_token + is-default: true + #Reference: https://github.com/dbelyaev/action-checkstyle/blob/956b3848022aa1a3d74861d81f9d0b6853c17d36/README.md \ No newline at end of file diff --git a/knowledge-base/actions/dwenegar/action-security.yml b/knowledge-base/actions/dwenegar/action-security.yml new file mode 100644 index 000000000..6554e1808 --- /dev/null +++ b/knowledge-base/actions/dwenegar/action-security.yml @@ -0,0 +1,8 @@ +name: "GitHub Release Assets Upload Action" +github-token: + environment-variable-name: GITHUB_TOKEN + is-default: false + permissions: + contents: write + contents reason: + #Reference: \ No newline at end of file diff --git a/knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml b/knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml new file mode 100644 index 000000000..299184355 --- /dev/null +++ b/knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml 
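Review bot: The first added line of the dbelyaev/action-checkstyle file, `name: Checkstyle for Java GitHub Action""`, is a plain scalar, so the two trailing quote characters become part of the stored name instead of delimiting it; write `name: "Checkstyle for Java GitHub Action"`. The entry also declares a token input with `is-default: true` but no `permissions:` block, so a consumer of this knowledge base cannot derive any least-privilege scope from it; if the scopes are not yet known, say so in a comment rather than leaving the block absent. The `#Reference:` pinned to a README commit SHA is the right shape for the evidence and should stay.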
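Review bot: In the dwenegar file, `contents reason:` does not follow the `<scope>-reason` key form used by the checkstyle entry in the same patch and, having no value, parses as a null under a key containing a space; write `contents-reason: <why the action needs contents: write>` with the actual reason filled in. The empty `#Reference:` matters more here than elsewhere because this entry grants `contents: write` — a reviewer of the KB should be able to follow the reference to the line in the action that performs the write before accepting the scope. `is-default: false` next to `environment-variable-name: GITHUB_TOKEN` is ambiguous, since the key describes an action-input default rather than an environment variable, and is presumably best omitted for env-var entries.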
@@ -0,0 +1,2 @@ +name : "Scan your code with SonarQube" +#Note: github token not used. From d27f4f95db6628670a91ab853c3fb3f744ceb71c Mon Sep 17 00:00:00 2001 From: Rohit Date: Wed, 7 Sep 2022 21:44:35 +0530 Subject: [PATCH 02/22] KB Added --- .../dbelyaev/action-checkstyle/action-security.yml | 7 +++++-- knowledge-base/actions/dwenegar/action-security.yml | 8 +++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml index 6cba719f0..e6a4bb253 100644 --- a/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml +++ b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml @@ -1,6 +1,9 @@ name: Checkstyle for Java GitHub Action"" github-token: - action-input: + action-input: input: github_token is-default: true - #Reference: https://github.com/dbelyaev/action-checkstyle/blob/956b3848022aa1a3d74861d81f9d0b6853c17d36/README.md \ No newline at end of file + permissions: + pull-request: read + pull-request-reason: To analyse the pull request + #Reference: https://github.com/dbelyaev/action-checkstyle/blob/956b3848022aa1a3d74861d81f9d0b6853c17d36/README.md diff --git a/knowledge-base/actions/dwenegar/action-security.yml b/knowledge-base/actions/dwenegar/action-security.yml index 6554e1808..1803cd55f 100644 --- a/knowledge-base/actions/dwenegar/action-security.yml +++ b/knowledge-base/actions/dwenegar/action-security.yml @@ -3,6 +3,8 @@ github-token: environment-variable-name: GITHUB_TOKEN is-default: false permissions: - contents: write - contents reason: - #Reference: \ No newline at end of file + contents: write + contents-reason: To upload release assets + + + #Reference: https://github.com/dwenegar/upload-release-assets/blob/fc5bc557b51cf4fc168f11bebc1e20a17949f0d2/src/upload-release-assets.ts#L50 \ No newline at end of file 
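Review bot: `name : "Scan your code with SonarQube"` has a space before the colon, which yamllint's `colons` rule rejects and which no other entry in this series uses; write `name: "Scan your code with SonarQube"`. The `#Note: github token not used.` claim carries no `#Reference:`, unlike the entries that declare a token; scanner actions of this kind commonly read `GITHUB_TOKEN` from the environment for pull-request decoration, so the file that was inspected (the action's `action.yml` or README at a pinned commit) should be cited, e.g. `#Reference: <pinned URL of the inspected file>`, so the negative finding can be re-verified when the action changes.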
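Review bot: `pull-request: read` in the dbelyaev hunk is not the GitHub permission scope name, which is `pull-requests`; a consumer mapping these keys onto a workflow `permissions:` block would emit an invalid key. Beyond the spelling, the reason `To analyse the pull request` does not say whether the action only reads the PR or also posts review comments on it; if it posts, `read` is not sufficient and the entry should carry `pull-requests: write` with a reason naming the comment-posting code path. The referenced README is the place to confirm which, and the reference should keep pointing at a pinned commit as it does now.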
From fd1f2e70589da5101ae910dabc1977fd098b7746 Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 13:37:19 +0530 Subject: [PATCH 03/22] KB added --- .../dbelyaev/action-checkstyle/action-security.yml | 6 +++--- knowledge-base/actions/dwenegar/action-security.yml | 8 +++----- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml index e6a4bb253..6296eb81a 100644 --- a/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml +++ b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml @@ -1,9 +1,9 @@ -name: Checkstyle for Java GitHub Action"" +name: "Checkstyle for Java GitHub Action" github-token: action-input: input: github_token is-default: true permissions: - pull-request: read - pull-request-reason: To analyse the pull request + pull-requests: read + pull-requests-reason: to analyse the pull requests #Reference: https://github.com/dbelyaev/action-checkstyle/blob/956b3848022aa1a3d74861d81f9d0b6853c17d36/README.md diff --git a/knowledge-base/actions/dwenegar/action-security.yml b/knowledge-base/actions/dwenegar/action-security.yml index 1803cd55f..9142738f4 100644 --- a/knowledge-base/actions/dwenegar/action-security.yml +++ b/knowledge-base/actions/dwenegar/action-security.yml @@ -1,10 +1,8 @@ name: "GitHub Release Assets Upload Action" github-token: environment-variable-name: GITHUB_TOKEN - is-default: false permissions: - contents: write - contents-reason: To upload release assets - + contents: write + contents-reason: to upload release assets - #Reference: https://github.com/dwenegar/upload-release-assets/blob/fc5bc557b51cf4fc168f11bebc1e20a17949f0d2/src/upload-release-assets.ts#L50 \ No newline at end of file + #Reference: https://github.com/dwenegar/upload-release-assets/blob/fc5bc557b51cf4fc168f11bebc1e20a17949f0d2/src/upload-release-assets.ts#L50 
From a31a612734e303e31710c438ec312938a918afd6 Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 17:12:26 +0530 Subject: [PATCH 04/22] KB added --- knowledge-base/actions/dwenegar/action-security.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/knowledge-base/actions/dwenegar/action-security.yml b/knowledge-base/actions/dwenegar/action-security.yml index 9142738f4..767a8b0f3 100644 --- a/knowledge-base/actions/dwenegar/action-security.yml +++ b/knowledge-base/actions/dwenegar/action-security.yml @@ -4,5 +4,4 @@ github-token: permissions: contents: write contents-reason: to upload release assets - - #Reference: https://github.com/dwenegar/upload-release-assets/blob/fc5bc557b51cf4fc168f11bebc1e20a17949f0d2/src/upload-release-assets.ts#L50 +#Reference: https://github.com/dwenegar/upload-release-assets/blob/fc5bc557b51cf4fc168f11bebc1e20a17949f0d2/src/upload-release-assets.ts#L50 From 280a6903491a6857007eb311f484aa5c03455c38 Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 18:34:44 +0530 Subject: [PATCH 05/22] KB added --- .../ArtiomTr/jest-coverage-report-action/action-security.yml | 2 ++ .../actions/codesee-io/codesee-map-action/action-security.yml | 2 ++ .../actions/megalinter/megalinter/action-security.yml | 2 ++ knowledge-base/actions/sett-and-hive/action-security.yml | 2 ++ .../tomwillis608/comment-test-coverage/action-security.yml | 2 ++ 5 files changed, 10 insertions(+) create mode 100644 knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml create mode 100644 knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml create mode 100644 knowledge-base/actions/megalinter/megalinter/action-security.yml create mode 100644 knowledge-base/actions/sett-and-hive/action-security.yml create mode 100644 knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml 
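Review bot: The `#Reference:` comment is moved to column 0 here, while every other entry in this series keeps it indented inside the `github-token:` mapping (for example the dbelyaev file in PATCH 03/22). Comments carry no YAML structure so either placement parses, but a mixed convention makes the entries harder to scan and to lint uniformly; pick one placement for the knowledge base and apply it to all files.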
diff --git a/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml new file mode 100644 index 000000000..846d5457c --- /dev/null +++ b/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml @@ -0,0 +1,2 @@ +name: "jest coverage report " +#Note: github token not used diff --git a/knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml b/knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml new file mode 100644 index 000000000..abf25aade --- /dev/null +++ b/knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml @@ -0,0 +1,2 @@ +name: "codesee-map-action" +#Note: github token not used. diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml new file mode 100644 index 000000000..d2e136c06 --- /dev/null +++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml @@ -0,0 +1,2 @@ +name: "MegaLinter, by OX Security" +#Note: github token not found. diff --git a/knowledge-base/actions/sett-and-hive/action-security.yml b/knowledge-base/actions/sett-and-hive/action-security.yml new file mode 100644 index 000000000..e377c89cd --- /dev/null +++ b/knowledge-base/actions/sett-and-hive/action-security.yml @@ -0,0 +1,2 @@ +name : "" +#Note: github token not used. \ No newline at end of file diff --git a/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml b/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml new file mode 100644 index 000000000..0e4810eed --- /dev/null +++ b/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml @@ -0,0 +1,2 @@ +name: "Comment Test Coverage from a json-summary file" +#Note: github token not used \ No newline at end of file From 6e978f9b5e654f5a05b9b97b053717ebaa82ded3 Mon Sep 17 00:00:00 2001 
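Review bot: `name: "jest coverage report "` keeps a trailing space inside the quotes, so the stored name ends in a blank; write `name: "jest coverage report"`. All five files added in this patch (this one, codesee-map-action, megalinter, sett-and-hive, comment-test-coverage) assert `github token not used` or `not found` without a `#Reference:`, whereas the token-declaring entries cite a pinned source line; a negative finding needs the same evidence, and the MegaLinter file is rewritten in PATCH 10/22 to declare the token after all, which is exactly the reversal a cited line would have prevented. `name : ""` in the sett-and-hive file is an empty name with a space before the colon, so that entry identifies nothing. The `# GITHUB_TOKEN not used` wording in the detect-secrets file of PATCH 20/22 is a third spelling of the same note and should match the `#Note:` form used here.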
From: Rohit Date: Thu, 8 Sep 2022 18:48:19 +0530 Subject: [PATCH 06/22] KB added --- knowledge-base/actions/sett-and-hive/action-security.yml | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 knowledge-base/actions/sett-and-hive/action-security.yml diff --git a/knowledge-base/actions/sett-and-hive/action-security.yml b/knowledge-base/actions/sett-and-hive/action-security.yml deleted file mode 100644 index e377c89cd..000000000 --- a/knowledge-base/actions/sett-and-hive/action-security.yml +++ /dev/null @@ -1,2 +0,0 @@ -name : "" -#Note: github token not used. \ No newline at end of file From bda9770855d9bfe4081fbd473443c9abb4b05d6c Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 19:08:58 +0530 Subject: [PATCH 07/22] KB added --- .../dwenegar/{ => upload-release-assets}/action-security.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename knowledge-base/actions/dwenegar/{ => upload-release-assets}/action-security.yml (100%) diff --git a/knowledge-base/actions/dwenegar/action-security.yml b/knowledge-base/actions/dwenegar/upload-release-assets/action-security.yml similarity index 100% rename from knowledge-base/actions/dwenegar/action-security.yml rename to knowledge-base/actions/dwenegar/upload-release-assets/action-security.yml From b60802c4009e5a89dbad1730a7542720c594386d Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Thu, 8 Sep 2022 19:24:27 +0530 Subject: [PATCH 08/22] Rename knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml to knowledge-base/actions/artiomtrjest/coverage-report-action/action-security.yml --- .../coverage-report-action}/action-security.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename knowledge-base/actions/{ArtiomTr/jest-coverage-report-action => artiomtrjest/coverage-report-action}/action-security.yml (100%) 
diff --git a/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtrjest/coverage-report-action/action-security.yml similarity index 100% rename from knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml rename to knowledge-base/actions/artiomtrjest/coverage-report-action/action-security.yml From db31fdaac5f0f2ae543398a1f12902d751875313 Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Thu, 8 Sep 2022 19:28:55 +0530 Subject: [PATCH 09/22] Rename knowledge-base/actions/artiomtrjest/coverage-report-action/action-security.yml to knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml --- .../jest-coverage-report-action}/action-security.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename knowledge-base/actions/{artiomtrjest/coverage-report-action => artiomtr/jest-coverage-report-action}/action-security.yml (100%) diff --git a/knowledge-base/actions/artiomtrjest/coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml similarity index 100% rename from knowledge-base/actions/artiomtrjest/coverage-report-action/action-security.yml rename to knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml From a05d0aff5a063de7b54db84d43199f6f1ba042ca Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 21:04:13 +0530 Subject: [PATCH 10/22] KB added --- .../jest-coverage-report-action/action-security.yml | 9 ++++++++- .../composite/action-security.yml | 4 ++-- .../actions/megalinter/megalinter/action-security.yml | 9 ++++++++- .../comment-test-coverage/action-security.yml | 3 ++- 4 files changed, 20 insertions(+), 5 deletions(-) 
diff --git a/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml index 846d5457c..7b1e30443 100644 --- a/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml +++ b/knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml @@ -1,2 +1,9 @@ name: "jest coverage report " -#Note: github token not used +github-token: + action-input: + input: github-token + is-default: true + permissions: + pull-requests: write + pull-requests-reason: to comment on pull request + #Reference: https://github.com/ArtiomTr/jest-coverage-report-action/blob/e1023a86c8d1ba542bfaa9a18a9efe55ef494c8a/src/typings/Options.ts diff --git a/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml b/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml index e62849eff..e11958eaf 100644 --- a/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml +++ b/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml @@ -1,4 +1,4 @@ -name: 'Publish Unit Test Results' +name: "Publish Unit Test Results" github-token: action-input: input: github_token @@ -10,7 +10,7 @@ github-token: issues-reason: to get issues checks: write checks-reason: to check test results - pull-requests: write + pull-requests: write pull-requests-reason: to post comment on PR pull-requests-if: ${{ with['comment_mode'] != 'off' }} #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml index d2e136c06..40e3a8e79 100644 --- a/knowledge-base/actions/megalinter/megalinter/action-security.yml +++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml 
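Review bot: The hunk edits `knowledge-base/actions/ArtiomTr/jest-coverage-report-action/action-security.yml`, but PATCH 08/22 and PATCH 09/22 renamed that file to the lower-case `artiomtr/...` path, and PATCH 15/22 then edits the lower-case path using this hunk's result blob `7b1e30443` as its base. The tree should be checked for two copies of the directory differing only in case; they would collide on a case-insensitive checkout and, presumably, only one spelling would be found by whatever keys the KB lookup on the action path. The content itself pairs `pull-requests: write` with `to comment on pull request`, which is the scope GitHub associates with commenting on a pull request, so that pairing is consistent as written.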
@@ -1,2 +1,9 @@ name: "MegaLinter, by OX Security" -#Note: github token not found. +github-token: + action-input: + input: GITHUB_TOKEN + is-default: true + permissions: + pull-requests: write + pull-requests-reason: to skip duplicate actions + #Reference: https://github.com/oxsecurity/megalinter/blob/09bd8a3aab852fd55f80b3c66dab3cc360c0b5b0/mega-linter-runner/lib/upgrade.js diff --git a/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml b/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml index 0e4810eed..c95675bca 100644 --- a/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml +++ b/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml @@ -1,2 +1,3 @@ name: "Comment Test Coverage from a json-summary file" -#Note: github token not used \ No newline at end of file +#Note: github token not used + \ No newline at end of file From a84215cad35b43a426ed53e7853757e0a42d0cd6 Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 21:05:52 +0530 Subject: [PATCH 11/22] KB added --- .../tomwillis608/comment-test-coverage/action-security.yml | 3 --- .../tomwillis608/detect-secrets-action/action-security.yml | 2 -- 2 files changed, 5 deletions(-) delete mode 100644 knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml delete mode 100644 knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml diff --git a/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml b/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml deleted file mode 100644 index c95675bca..000000000 --- a/knowledge-base/actions/tomwillis608/comment-test-coverage/action-security.yml +++ /dev/null @@ -1,3 +0,0 @@ -name: "Comment Test Coverage from a json-summary file" -#Note: github token not used - \ No newline at end of file 
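Review bot: The `#Reference:` for the MegaLinter entry points at `mega-linter-runner/lib/upgrade.js`, which from its path appears to be the npm runner's upgrade helper rather than the code that consumes the token, so it does not substantiate either the `action-input: input: GITHUB_TOKEN` declaration or the `pull-requests: write` scope; cite the line in the action (its `action.yml` or the linter code) where the token is actually read. The reason `to skip duplicate actions` also does not explain why a write scope on pull requests is needed. A declared input named `GITHUB_TOKEN` with `is-default: true` should be checked against the action's `inputs:` — if the token is only taken from the environment, `environment-variable-name: GITHUB_TOKEN` is the right key, as PATCH 12/22 later uses.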
diff --git a/knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml b/knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml deleted file mode 100644 index cad824df5..000000000 --- a/knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml +++ /dev/null @@ -1,2 +0,0 @@ -name: "Easy detect-secrets" # tomwillis608/detect-secrets-action -# GITHUB_TOKEN not used From d4fcb60aea817162cd93d6b6fd6ff928a284f747 Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 8 Sep 2022 21:35:00 +0530 Subject: [PATCH 12/22] KB ADDED --- .../actions/megalinter/megalinter/action-security.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml index 40e3a8e79..e88ba8964 100644 --- a/knowledge-base/actions/megalinter/megalinter/action-security.yml +++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml @@ -1,9 +1,7 @@ name: "MegaLinter, by OX Security" github-token: - action-input: - input: GITHUB_TOKEN - is-default: true + environment-variable-name: GITHUB_TOKEN permissions: - pull-requests: write + pull-requests: read pull-requests-reason: to skip duplicate actions #Reference: https://github.com/oxsecurity/megalinter/blob/09bd8a3aab852fd55f80b3c66dab3cc360c0b5b0/mega-linter-runner/lib/upgrade.js From c061c945c17fae8bb35d78220f7660fd7e52d6ab Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Mon, 12 Sep 2022 22:15:04 +0530 Subject: [PATCH 13/22] Update action-security.yml --- .../actions/megalinter/megalinter/action-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml index e88ba8964..6a593986f 100644 
--- a/knowledge-base/actions/megalinter/megalinter/action-security.yml +++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml @@ -4,4 +4,4 @@ github-token: permissions: pull-requests: read pull-requests-reason: to skip duplicate actions - #Reference: https://github.com/oxsecurity/megalinter/blob/09bd8a3aab852fd55f80b3c66dab3cc360c0b5b0/mega-linter-runner/lib/upgrade.js + #Reference: https://github.com/step-security/secure-workflows/pull/1133/files/d4fcb60aea817162cd93d6b6fd6ff928a284f747#r968159151 From 202e8f610adfd38c7d96f01c0e89c5ff7b38e20a Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Mon, 12 Sep 2022 22:17:46 +0530 Subject: [PATCH 14/22] Update action-security.yml --- .../actions/megalinter/megalinter/action-security.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml index 6a593986f..c2e678b48 100644 --- a/knowledge-base/actions/megalinter/megalinter/action-security.yml +++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml @@ -3,5 +3,7 @@ github-token: environment-variable-name: GITHUB_TOKEN permissions: pull-requests: read - pull-requests-reason: to skip duplicate actions + pull-requests-reason: to analyse code consistency in pr + issues: write + issues-reasons: to comment report summary #Reference: https://github.com/step-security/secure-workflows/pull/1133/files/d4fcb60aea817162cd93d6b6fd6ff928a284f747#r968159151 From b1682f704636afd1000ac61c638d56195ed9e76d Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Mon, 12 Sep 2022 22:19:51 +0530 Subject: [PATCH 15/22] Update action-security.yml --- .../jest-coverage-report-action/action-security.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
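Review bot: The replacement `#Reference:` points at a review comment on this pull request (`step-security/secure-workflows/pull/1133/...#r968159151`) rather than at the action's source, so the evidence for the declared scopes now lives in a discussion thread instead of a pinned line of the action's code; every other entry in the series cites the action itself at a commit SHA. Keep that convention here and, if the thread holds the analysis, fold its conclusion into the `-reason` values so the file is self-explanatory.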
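Review bot: `issues: write` with reason `to comment report summary` is added while `pull-requests` stays at `read`; if the summary is posted as a comment on the pull request, GitHub scopes comments on pull requests under `pull-requests`, so `issues: write` alone would not grant it and a workflow built from this entry would fail at comment time — confirm from the action's source which object is commented on and set the scope accordingly. PATCH 15/22 makes the same read/issues-write split for the jest-coverage-report entry, with a reason that explicitly names the PR, so the two should be settled together. The key `issues-reasons` also breaks the `<scope>-reason` form used by the neighbouring keys.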
diff --git a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml index 7b1e30443..76d0c02f6 100644 --- a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml +++ b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml @@ -4,6 +4,8 @@ github-token: input: github-token is-default: true permissions: - pull-requests: write - pull-requests-reason: to comment on pull request + pull-requests: read + pull-requests-reason: to check code coverage of pr + issues: write + issues-reasons: to comment the code-coverage to pr #Reference: https://github.com/ArtiomTr/jest-coverage-report-action/blob/e1023a86c8d1ba542bfaa9a18a9efe55ef494c8a/src/typings/Options.ts From b38c82bca48945b68d52f6994eff500e4b6bd21d Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Mon, 12 Sep 2022 22:24:30 +0530 Subject: [PATCH 16/22] Update action-security.yml --- .../artiomtr/jest-coverage-report-action/action-security.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml index 76d0c02f6..5eacf83a0 100644 --- a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml +++ b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml @@ -7,5 +7,4 @@ github-token: pull-requests: read pull-requests-reason: to check code coverage of pr issues: write - issues-reasons: to comment the code-coverage to pr #Reference: https://github.com/ArtiomTr/jest-coverage-report-action/blob/e1023a86c8d1ba542bfaa9a18a9efe55ef494c8a/src/typings/Options.ts From 7d8604ebaa64ef4c14bec89106c9a86e48a466ce Mon Sep 17 00:00:00 2001 
From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Mon, 12 Sep 2022 22:29:11 +0530 Subject: [PATCH 17/22] Update action-security.yml --- .../artiomtr/jest-coverage-report-action/action-security.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml index 5eacf83a0..3f8121b35 100644 --- a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml +++ b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml @@ -7,4 +7,5 @@ github-token: pull-requests: read pull-requests-reason: to check code coverage of pr issues: write + issues-reasons: to comment the codecoverage to pr #Reference: https://github.com/ArtiomTr/jest-coverage-report-action/blob/e1023a86c8d1ba542bfaa9a18a9efe55ef494c8a/src/typings/Options.ts From c4184f59159bda2d83779de35b687068cbe6d237 Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Tue, 13 Sep 2022 17:12:08 +0530 Subject: [PATCH 18/22] Update action-security.yml --- .../artiomtr/jest-coverage-report-action/action-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml index 3f8121b35..f80322801 100644 --- a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml +++ b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml 
@@ -7,5 +7,5 @@ github-token: pull-requests: read pull-requests-reason: to check code coverage of pr issues: write - issues-reasons: to comment the codecoverage to pr + issues-reason: to comment the codecoverage to pr #Reference: https://github.com/ArtiomTr/jest-coverage-report-action/blob/e1023a86c8d1ba542bfaa9a18a9efe55ef494c8a/src/typings/Options.ts From 729c1abb656562fdd3003d80bc7d8ff61017ff27 Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Tue, 13 Sep 2022 17:12:29 +0530 Subject: [PATCH 19/22] Update action-security.yml --- .../actions/megalinter/megalinter/action-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml index c2e678b48..4fe84c9be 100644 --- a/knowledge-base/actions/megalinter/megalinter/action-security.yml +++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml @@ -5,5 +5,5 @@ github-token: pull-requests: read pull-requests-reason: to analyse code consistency in pr issues: write - issues-reasons: to comment report summary + issues-reason: to comment report summary #Reference: https://github.com/step-security/secure-workflows/pull/1133/files/d4fcb60aea817162cd93d6b6fd6ff928a284f747#r968159151 From 3eaad83bc3e240b9b7e41c1851fdacc9669e50a4 Mon Sep 17 00:00:00 2001 From: Rohit Date: Wed, 14 Sep 2022 21:32:24 +0530 Subject: [PATCH 20/22] Add KBs for actions --- .../tomwillis608/detect-secrets-action/action-security.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml diff --git a/knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml b/knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml new file mode 100644 index 000000000..cad824df5 --- /dev/null 
+++ b/knowledge-base/actions/tomwillis608/detect-secrets-action/action-security.yml @@ -0,0 +1,2 @@ +name: "Easy detect-secrets" # tomwillis608/detect-secrets-action +# GITHUB_TOKEN not used From 90175021aa1187f40c1eb81957d8a16771ddc109 Mon Sep 17 00:00:00 2001 From: Rohit Date: Wed, 14 Sep 2022 23:38:13 +0530 Subject: [PATCH 21/22] Add Kbs for actions --- .../action-security.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml diff --git a/knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml b/knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml new file mode 100644 index 000000000..e11958eaf --- /dev/null +++ b/knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml @@ -0,0 +1,16 @@ +name: "Publish Unit Test Results" +github-token: + action-input: + input: github_token + is-default: true + permissions: + contents: read + contents-reason: to fetch code + issues: read + issues-reason: to get issues + checks: write + checks-reason: to check test results + pull-requests: write + pull-requests-reason: to post comment on PR + pull-requests-if: ${{ with['comment_mode'] != 'off' }} + #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions From e92579c2ec465ffb3c91956122f0762535813fa4 Mon Sep 17 00:00:00 2001 From: Rohit Kumar Singh <95624394+RksRocks@users.noreply.github.com> Date: Wed, 28 Sep 2022 22:58:19 +0530 Subject: [PATCH 22/22] Update action-security.yml --- .../composite/action-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml b/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml index e11958eaf..32f8a02ab 100644 
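Review bot: The new `publish-unit-test-result-action/action-security.yml` is byte-identical to the `composite/action-security.yml` variant edited in PATCH 10/22 — both `index` lines show blob `e11958eaf` — so the knowledge base now carries the same permission set twice, maintained by hand. If the action genuinely ships two entry points that need separate entries, say so at the top of each, e.g. `# mirrors composite/action-security.yml; keep in sync`; otherwise one copy should go. PATCH 22/22 already touches only the composite copy, which is how such a pair starts to drift.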
--- a/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml +++ b/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml @@ -13,4 +13,4 @@ github-token: pull-requests: write pull-requests-reason: to post comment on PR pull-requests-if: ${{ with['comment_mode'] != 'off' }} - #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions + #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions