CodeCoverageSummary icon indicating copy to clipboard operation
CodeCoverageSummary copied to clipboard

Published 20 hours ago verified publisher icon irongut

Restrict token permissions for Auto Assign PR

Open irongut opened this issue 3 years ago • 0 comments

Feature Request

The Auto Assign PR workflow doesn't have GitHub token permissions specified because it uses an Action not in the StepSecurity database.

Expected Behaviour

All workflows should restrict the GitHub token permissions.

Additional Context

Linked To

#49 Implement StepSecurity Secure Workflows (audit) #51 Implement StepSecurity Secure Workflows (policy)

irongut avatar Aug 05 '22 22:08 irongut