StepSecurity Bot comments

Results 109 comments of


                                            StepSecurity Bot

[KB] Add GitHub token permissions for peter-evans/dockerhub-description Action

### Analysis ```yml Action Name: peter-evans/dockerhub-description Action Type: Node GITHUB_TOKEN Matches: Token,token Top language: TypeScript Stars: 196 Private: false Forks: 33 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add GitHub token permissions for martijnhols/actions-cache/check Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'Cache > Check' # martijnhols/actions-cache/check # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for martijnhols/actions-cache/save Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'Cache > Save' # martijnhols/actions-cache/save # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for EndBug/add-and-commit Action

### Analysis ```yml Action Name: EndBug/add-and-commit Action Type: Node GITHUB_TOKEN Matches: token,github_token,GITHUB_TOKEN,Token Top language: TypeScript Stars: 649 Private: false Forks: 83 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add GitHub token permissions for arduino/compile-sketches Action

### Analysis ```yml Action Name: arduino/compile-sketches Action Type: Composite GITHUB_TOKEN Matches: token,github-token,GITHUB_TOKEN,github_token,GITHUB-TOKEN Stars: 33 Private: false Forks: 9 ```

[KB] Add GitHub token permissions for bigbinary/changelog-updater-action Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'Changelog Updater' # bigbinary/changelog-updater-action # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for apache/skywalking-eyes/header Action

### Analysis ```yml Action Name: apache/skywalking-eyes/header Action Type: Docker GITHUB_TOKEN Matches: token,GITHUB_TOKEN Stars: 160 Private: false Forks: 48 ```

[KB] Add GitHub token permissions for fluxcd/pkg/actions/kustomize Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: Setup kustomize CLI # fluxcd/pkg/actions/kustomize # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for gulpjs/prettier_action Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: Prettier Action # gulpjs/prettier_action # GITHUB_TOKEN not used ```

[KB] Add GitHub token permissions for fluxcd/pkg//actions/crdjsonschema Action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'crdjsonschema' # fluxcd/pkg//actions/crdjsonschema # GITHUB_TOKEN not used ```