Cindy Hill

icon location Product Security Engineer and Scrum Master.Driver for Secure Software Development and Advocate for Security awareness and training. Automation & Improvement

Results 10 issues of Cindy Hill

Potential fix for code scanning alert no. 1: Workflow does not contain permissions

Potential fix for [https://github.com/github/freno-client/security/code-scanning/1](https://github.com/github/freno-client/security/code-scanning/1) The best way to fix this issue is to add an explicit `permissions` key to the workflow, set to the minimal required privilege. In this case,...

Potential fixes for 2 code scanning alerts

- https://github.com/github/prettier-config/security/code-scanning/2 To fix the issue, add a `permissions` block with explicit least privilege to the `publish-npm` job. As the job only needs to publish to npm (using a personal...

Potential fix for code scanning alert no. 2: Workflow does not contain permissions

Potential fix for [https://github.com/github/gemoji/security/code-scanning/2](https://github.com/github/gemoji/security/code-scanning/2) The ideal fix is to add an explicit `permissions` block to the workflow to restrict the GITHUB_TOKEN to only the minimal necessary permissions required by the...

Potential fixes for 2 code scanning alerts

As part of the organization's transition to default read-only permissions for the GITHUB_TOKEN, this pull request addresses a missing permission in the workflow that triggered a code scanning alert. This...

Please define actions workflow permissions

## Workflow permissions improvement There are **5 workflow files** that are currently lacking explicit permissions ### Affected Workflow Files The following workflow files need permissions to be explicitly defined: -...

Potential fixes for 2 code scanning alerts

Potential fixes for 2 code scanning alerts from the [Copilot AutoFix: Missing Permissions in Workflows](https://github.com/orgs/github/security/campaigns/20) security campaign: - https://github.com/github/auto-check-element/security/code-scanning/2 To fix the problem, you should add a `permissions:` block with...

Potential fixes for 2 code scanning alerts

Potential fixes for 2 code scanning alerts from the [Copilot AutoFix: Missing Permissions in Workflows](https://github.com/orgs/github/security/campaigns/21) security campaign: - https://github.com/github/g-emoji-element/security/code-scanning/3 To fix this issue, we should explicitly add a `permissions` key...

Potential fix for code scanning alert no. 2: Workflow does not contain permissions

Potential fix for [https://github.com/github/combobox-nav/security/code-scanning/2](https://github.com/github/combobox-nav/security/code-scanning/2) To fix the problem, add an explicit `permissions` block defining the minimum needed permissions for this workflow. Since the workflow only checks out code and runs...

Potential fix for code scanning alert no. 1: Workflow does not contain permissions

Potential fix for [https://github.com/github/chatops-controller/security/code-scanning/1](https://github.com/github/chatops-controller/security/code-scanning/1) The best way to fix this problem is to add a `permissions:` block to the workflow, specifying the minimum required privilege. Since the workflow only needs...

Potential fixes for 3 code scanning alerts

Potential fixes for 3 code scanning alerts from the [Copilot AutoFix: Missing Permissions in Workflows](https://github.com/orgs/github/security/campaigns/21) security campaign: - https://github.com/github/catalyst/security/code-scanning/5 To fix the problem, we should add a `permissions:` block specifying...