secure-repo icon indicating copy to clipboard operation
secure-repo copied to clipboard

Published 20 hours ago verified publisher icon step-security

[KB] Add GitHub token permissions for richardsimko/update-tag Action

Open step-security-bot opened this issue 3 years ago • 2 comments

Knowledge Base is missing for richardsimko/update-tag.

step-security-bot avatar Oct 04 '22 02:10 step-security-bot

Analysis

Action Name: richardsimko/update-tag
Action Type: Node
GITHUB_TOKEN Matches: GITHUB_TOKEN
Top language: JavaScript
Stars: 16
Private: false
Forks: 8

Endpoints Found

Endpoint Permission
git.createRef write
git.getRef read
git.updateRef write

FollowUp Links.

https://github.com/richardsimko/update-tag/blob/5bd0e05b035e02d5da3768dbdcfc4e5e0908623e/src/main.js

action-security.yml

name: "Update Tag"
github-token:
  environment-variable-name: <FigureOutYourself>
    is-default: false
  permissions:
    contents: write

step-security-bot avatar Oct 04 '22 02:10 step-security-bot

I have taken this issue

vandana41 avatar Oct 06 '22 02:10 vandana41