ua-parser-js

ci: add GitHub token permissions for workflow

Open varunsh-coder opened this issue 1 year ago • 0 comments

This PR adds minimum token permissions for the GITHUB_TOKEN using https://github.com/step-security/secure-workflows.

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows

  • https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
  • https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
  • The Open Source Security Foundation (OpenSSF) Scorecards treats not setting token permissions as a high-risk issue

This project is part of the top 100 critical projects as per OpenSSF (https://github.com/ossf/wg-securing-critical-projects), so fixing the token permissions to improve security.

Signed-off-by: Varun Sharma [email protected]

varunsh-coder Jul 11 '22 14:07
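The check this PR addresses, as an added example (not code from the PR, from step-security/secure-workflows, or from OpenSSF Scorecards): a small auditor that reports jobs in a workflow file whose GITHUB_TOKEN is left at the default scope or set to `write-all`. The function name `audit_workflow` and the sample workflow are constructed for illustration, and the parser is a line-based heuristic that assumes block-style YAML indented with spaces.

```python
import re
KEY = re.compile(r"^(\s*)([\w-]+):\s*(.*)$")  # "key: value" lines; "- item" lines do not match

# Constructed sample workflow (not taken from the ua-parser-js repository).
SAMPLE = """\
on: [push]
jobs:
  test:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
  publish:
    runs-on: ubuntu-latest
    steps:
      - run: npm publish
"""

def audit_workflow(text):
    """Return (job, reason) pairs for jobs whose GITHUB_TOKEN is not scoped down."""
    top_perms, jobs = None, {}            # jobs: job id -> job-level permissions value
    section = job = job_indent = key_indent = None
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:                   # a new top-level key starts
            section, job, job_indent, key_indent = key, None, None, None
            if key == "permissions":
                top_perms = value         # "" when a mapping of scopes follows
        elif section == "jobs":
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:      # a job id
                job, key_indent = key, None
                jobs[job] = None
            elif job is not None:
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent and key == "permissions":
                    jobs[job] = value
    findings = []
    for name, perms in jobs.items():
        effective = top_perms if perms is None else perms  # job-level overrides workflow-level
        if effective is None or effective == "write-all":
            findings.append((name, effective or "no permissions key"))
    return findings

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

A workflow-level `permissions:` block with only the scopes the jobs need (for example `contents: read`) clears every finding, because scopes not listed there are set to none.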