[KB] Add GitHub token permissions for johnwbyrd/update-release Action

Open step-security-bot opened this issue 2 years ago • 2 comments

Knowledge Base is missing for johnwbyrd/update-release.

step-security-bot, Oct 04 '22 02:10

Analysis

Action Name: johnwbyrd/update-release
Action Type: Node
GITHUB_TOKEN Matches: token,GITHUB_TOKEN,TOKEN,github_token
Top language: TypeScript
Stars: 11
Private: false
Forks: 10

Endpoints Found

Endpoint Permission
git.createRef write
git.createTag write
git.getCommit read
git.updateRef write
repos.createRelease write
repos.delete write
repos.deleteRelease write
repos.deleteReleaseAsset write
repos.listReleases read
repos.listTags read
repos.uploadReleaseAsset write

FollowUp Links.

https://github.com/johnwbyrd/update-release/blob/1d5ec4791e40507e5eca3b4dbf90f0b27e7e4979/src/main.ts

action-security.yml

name: 'Update Release'
github-token:
  action-input:
    input: token
    is-default: false
  permissions:
    contents: write

step-security-bot, Oct 04 '22 02:10

I have taken this issue

sph4674, Oct 05 '22 16:10