StepSecurity Bot comments

Results 109 comments of


                                            StepSecurity Bot

[KB] Add GitHub token permissions for arduino/report-size-deltas Action

### Analysis ```yml Action Name: arduino/report-size-deltas Action Type: Docker GITHUB_TOKEN Matches: github-token,github_token,token,GITHUB_TOKEN Stars: 8 Private: false Forks: 5 ```

[KB] Add GitHub token permissions for mnajdova/github-action-required-labels Action

### Analysis ```yml Action Name: mnajdova/github-action-required-labels Action Type: Node GITHUB_TOKEN Matches: GITHUB_TOKEN Top language: JavaScript Stars: 0 Private: false Forks: 0 ``` ### action-security.yml

[KB] Add GitHub token permissions for svenstaro/upload-release-action Action

### Analysis ```yml Action Name: svenstaro/upload-release-action Action Type: Node GITHUB_TOKEN Matches: repo_token,token,GITHUB_TOKEN,TOKEN Top language: TypeScript Stars: 349 Private: false Forks: 61 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add GitHub token permissions for RustCrypto/actions/cargo-cache Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: "cargo-cache" # RustCrypto/actions/cargo-cache # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for jupyterhub/repo2docker-action Action

### Analysis ```yml Action Name: jupyterhub/repo2docker-action Action Type: Docker GITHUB_TOKEN Matches: token,github-token,GITHUB_TOKEN Stars: 117 Private: false Forks: 20 ```

[KB] Add GitHub token permissions for reviewdog/action-staticcheck Action

### Analysis ```yml Action Name: reviewdog/action-staticcheck Action Type: Composite GITHUB_TOKEN Matches: github_token,GITHUB_TOKEN,token Stars: 20 Private: false Forks: 2 ```

[KB] Add GitHub token permissions for nrwl/nx-set-shas Action

### Analysis ```yml Action Name: nrwl/nx-set-shas Action Type: Composite GITHUB_TOKEN Matches: GITHUB_TOKEN,token Stars: 65 Private: false Forks: 19 ```

[KB] Add GitHub token permissions for nosborn/github-action-markdown-cli Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: markdownlint-cli # nosborn/github-action-markdown-cli # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for cygwin/cygwin-install-action Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: Install Cygwin Action # cygwin/cygwin-install-action # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for GabrielBB/xvfb-action Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'gabrielbb/xvfb-action' # GabrielBB/xvfb-action # GITHUB_TOKEN not used ```