
feat(permissions): security enhanced #20

Merged
merged 4 commits into from
Mar 5, 2025

Conversation

zMynxx
Contributor

@zMynxx zMynxx commented Mar 3, 2025

After using this action for a while, my code scanning tool notified me about a security improvement that can be applied here.

So I've decided to perform some trial and error, and suggest the following changes:

  • Added permissions block to limit the permissions used by this job. Only context & metadata are required for the secrets scanning.
@zMynxx zMynxx requested a review from a team as a code owner March 3, 2025 15:26
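An added example, not taken from this pull request or from the action's own README, of the kind of README workflow the PR edits: a job that runs a secret scan on pushes and pull requests, with a job-level permissions block that limits the GITHUB_TOKEN to read-only repository access. The action reference GitGuardian/ggshield-action@v1 and the environment variable names are assumed from the action's public documentation, not from this page.

```yaml
name: GitGuardian scan

on: [push, pull_request]

jobs:
  scanning:
    name: GitGuardian scan
    runs-on: ubuntu-latest
    # Job-level permissions: the GITHUB_TOKEN minted for this job may only
    # read repository contents (the commits and files the scan needs).
    # Every scope not listed here (issues, pull-requests, packages,
    # id-token, ...) is set to "none". Without this block the job inherits
    # the repository default, which may be a broad read/write token.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so the scan can diff the pushed commits.
          fetch-depth: 0
      - name: GitGuardian scan
        # Action reference and env vars assumed from the action's
        # documented usage; the API key is a repository secret.
        uses: GitGuardian/ggshield-action@v1
        env:
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
```

A job-level permissions key restricts only that job; the same key at the top of the workflow sets the default for every job in the file, and a job-level block then overrides it for that job.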
@agateau-gg
Collaborator

Hi, thanks for this contribution. Can you share the content of the code scanning report? We don't have access to it because only owners of the project can read them.

I am not sure your changes would fix an issue in your project because the YAML file you changed is used when building the action, in this repository, not when using the action in another repository.

@zMynxx
Contributor Author

zMynxx commented Mar 4, 2025

Hi, thanks for this contribution. Can you share the content of the code scanning report? We don't have access to it because only owners of the project can read them.

I am not sure your changes would fix an issue in your project because the YAML file you changed is used when building the action, in this repository, not when using the action in another repository.

Hey, you were indeed correct. I jumped to the conclusion that the README workflow examples are the ones in the repo.
Fixed.

Can't see any code scanning set up on the repo or at my fork; if you could point me in the right direction I'll happily do that.

@agateau-gg
Collaborator

Hi, thanks for this contribution. Can you share the content of the code scanning report? We don't have access to it because only owners of the project can read them.
I am not sure your changes would fix an issue in your project because the YAML file you changed is used when building the action, in this repository, not when using the action in another repository.

Hey, you were indeed correct. I jumped to the conclusion that the README workflow examples are the ones in the repo. Fixed.

Thanks, this looks good.

Can't see any code scanning set up on the repo or at my fork; if you could point me in the right direction I'll happily do that.

I was referring to the description of your pull request. You said:

After using this action for a while, my code scanning tool notified me about a security improvement that can be applied here.

But the "notified" link does not work for me because it's limited to owners of the zMynx/aws-lambda-calculator repository. I would be interested to have a look at what the tool said there.

@zMynxx
Contributor Author

zMynxx commented Mar 5, 2025

Hi, thanks for this contribution. Can you share the content of the code scanning report? We don't have access to it because only owners of the project can read them.
I am not sure your changes would fix an issue in your project because the YAML file you changed is used when building the action, in this repository, not when using the action in another repository.

Hey, you were indeed correct. I jumped to the conclusion that the README workflow examples are the ones in the repo. Fixed.

Thanks, this looks good.

Can't see any code scanning set up on the repo or at my fork; if you could point me in the right direction I'll happily do that.

I was referring to the description of your pull request. You said:

After using this action for a while, my code scanning tool notified me about a security improvement that can be applied here.

But the "notified" link does not work for me because it's limited to owners of the zMynx/aws-lambda-calculator repository. I would be interested to have a look at what the tool said there.

Roger Roger.
Couldn't export the code scan report, but here are a few screenshots with the information.
[Screenshot 2025-03-05 at 11:34:29]
[Screenshot 2025-03-05 at 11:34:49]

Collaborator

@agateau-gg agateau-gg left a comment


Looks good, thanks!

@agateau-gg agateau-gg merged commit 27471f1 into GitGuardian:master Mar 5, 2025
1 of 2 checks passed