Add token permissions for build.yml

Open Devils-Knight opened this issue 2 years ago • 0 comments

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

StepSecurity is working on securing GitHub workflows and OSSF Scorecards recommends using StepSecurity's secure-workflows online tool app.stepsecurity.io to improve the security of GitHub workflows.

We have fixed one of the repo's workflows for you by adding permissions for the involved jobs. You can secure the rest of the workflows for improved security by using the StepSecurity online tool at app.stepsecurity.io.

Devils-Knight, Mar 08 '22 22:03
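
What adding token permissions to a build workflow looks like, as an added example that is not taken from this repository's build.yml or from the issue author. The job names, steps, `make` commands and the `publish` job are assumptions made for illustration; the two YAML documents are shown in one block for comparison only.

```yaml
# Constructed example: "before" and "after" for a hypothetical build.yml.

# Before: no permissions key. GITHUB_TOKEN receives the repository or
# organization default, which may be read/write on every scope.
name: build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make build          # hypothetical build command
---
# After: least privilege declared explicitly.
name: build
on: [push, pull_request]

# Workflow-level default for every job. Once a permissions key is present,
# every scope that is not listed is set to none.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Inherits contents: read, which is all actions/checkout needs.
    steps:
      - uses: actions/checkout@v4
      - run: make build          # hypothetical build command

  publish:
    needs: build
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow-level one for this job only,
    # so the write scope is not available to the build job or to PR runs.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - run: make publish        # hypothetical publish command
```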