nipype
GitHub Workflows security hardening
This PR adds an explicit permissions section to workflows. This is a security best practice because by default workflows run with an extended set of permissions (except for on: pull_request from external forks). By specifying any permission explicitly, all others are set to none. By using the principle of least privilege, the damage a compromised workflow can do (because of an injection or a compromised third-party tool or action) is restricted.
It is recommended to have the most strict permissions on the top level and grant write permissions on the job level case by case.
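The permission model described above, as an added example (this is not the nipype project's workflow and not the diff in this PR): the same CI workflow once without a permissions key and once with a read-only top-level default that a single job widens. Job names, the pytest command, the tag pattern and the release step are assumptions for illustration.

```yaml
# Added example, not nipype's own workflow file.
# --- Weak: no permissions key at all ---------------------------------------
# Every job receives the repository's default GITHUB_TOKEN permissions, which
# (as the PR description notes) is the extended, write-capable set unless the
# event is a pull_request from a fork. A compromised action or an injected
# command in "test" could push commits, create releases or edit issues.
name: CI (before)
on:
  push:
    branches: [master]
    tags: ['v*']          # assumed tag pattern for releases
  pull_request:

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: pytest        # assumed test command
---
# --- Hardened: least privilege at the top, widened per job ------------------
name: CI (after)
on:
  push:
    branches: [master]
    tags: ['v*']
  pull_request:

# Workflow-level default. Naming any scope sets every unnamed scope to "none",
# so this single entry leaves the token with read access to repository
# contents and nothing else. Use "permissions: {}" to drop even that.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    # Inherits the top-level read-only token: checkout works, pushing,
    # tagging, commenting and publishing do not.
    steps:
      - uses: actions/checkout@v3
      - run: pytest

  publish:
    needs: test
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    # A job-level block replaces (does not merge with) the workflow-level one,
    # so list every scope this job needs; everything not listed is "none".
    permissions:
      contents: write      # required to create a release / upload assets
    steps:
      - uses: actions/checkout@v3
      - run: python -m build    # assumed build step producing dist/
      - run: gh release create "$GITHUB_REF_NAME" dist/*   # assumed release step
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

To confirm the effect, open any run's "Set up job" step: its log lists the GITHUB_TOKEN permissions the job actually received, scope by scope, so a job that shows `Contents: read` and nothing else is running with the restricted token.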
Codecov Report
Base: 65.28% // Head: 65.28% // No change to project coverage :thumbsup:
Coverage data is based on head (a8e62c7) compared to base (5d436ba). Patch has no changes to coverable lines.
Additional details and impacted files

```diff
@@            Coverage Diff            @@
##           master    #3519     +/-   ##
=======================================
  Coverage   65.28%   65.28%           
=======================================
  Files         309      309           
  Lines       40873    40873           
  Branches     5381     5381           
=======================================
  Hits        26684    26684           
  Misses      13111    13111           
  Partials     1078     1078           
```
| Flag | Coverage Δ |
|---|---|
| unittests | 65.03% <ø> (ø) |
@mgxd @effigies could you please review?
An example of a workflow run with unrestricted permissions:

Thanks for bumping this. I've merged master in so we can see what it looks like. I'm not sure if it failed to run before or if the checks just expired.
LGTM. Thanks!