
[KB] Add GitHub token permissions for svenstaro/upload-release-action Action

Open step-security-bot opened this issue 3 years ago • 2 comments

Knowledge Base is missing for svenstaro/upload-release-action.

step-security-bot • Oct 12 '22 21:10

Analysis

Action Name: svenstaro/upload-release-action
Action Type: Node
GITHUB_TOKEN Matches: repo_token,token,GITHUB_TOKEN,TOKEN
Top language: TypeScript
Stars: 349
Private: false
Forks: 61

Endpoints Found

Endpoint                  Permission
repos.createRelease       write
repos.delete              write
repos.deleteRelease       write
repos.deleteReleaseAsset  write
repos.get                 read
repos.getRelease          read
repos.getReleaseByTag     read
repos.listReleaseAssets   read
repos.uploadReleaseAsset  write

FollowUp Links.

https://github.com/svenstaro/upload-release-action/blob/4e5de2077753aa547cb9ca80caa0f77bf18f6bfb/src/main.ts

action-security.yml

name: 'Upload files to a GitHub release'
github-token:
  action-input:
    input: repo_token
    is-default: true
  permissions:
    contents: write

step-security-bot • Oct 12 '22 21:10

I have taken this issue

vandana41 • Oct 13 '22 03:10