Eddie Knight

Results: 93 comments of Eddie Knight

Thanks @spencerschrock, I think it's a good idea to shift the change into the calculate function instead.

Thanks @spencerschrock! I raised packages as a suggestion for discussion on #2338, so we can make a PR for that as well if there is agreement.

Facing the same issue, though I have two actions that were caught by the same check: one from helm, and one from a community creator. Perhaps we can publish a...

The code [is in place](https://github.com/ossf/scorecard/blob/7f214bf2eb540f7f60e441245bb554ea13d5dc5e/checks/raw/permissions.go#L332-L347) right now for whitelisting. We can scrap that code and move to a wholesale "check it yourself" if we want, but I'm not in a...

I'm looking into this today, with an aim to add a check warning to jobs that contain write permission without deducting points.

Created the PR linked above to specifically address jobs using `contents:write`, since that is the more widespread usage in jobs. I noticed that [Chaos Mesh](https://github.com/chaos-mesh/chaos-mesh/pull/3700) is using `packages: write` and...

Added a PR to address Chaos Mesh & K8gb requirements... recommend reopening this issue if we need more discussion on the topic.

- [x] Security policy

The `Token-Permissions` check is actively being refined right now, so we shouldn't put too much thought into that until this issue closes: https://github.com/ossf/scorecard/issues/2338

The need for this issue was raised during the planning meeting for #273