
[KB] Add GitHub token permissions for fossa-contrib/fossa-action Action

Open step-security-bot opened this issue 2 years ago • 2 comments

Knowledge Base is missing for fossa-contrib/fossa-action.

step-security-bot, Oct 20 '22 15:10

Analysis

Action Name: fossa-contrib/fossa-action
Action Type: Node
GITHUB_TOKEN Matches: token,github-token
Top language: TypeScript
Stars: 15
Private: false
Forks: 4

Endpoints Found

Endpoint                  Permission
repos.get                 read
repos.getLatestRelease    read

FollowUp Links.

https://github.com/fossa-contrib/fossa-action/blob/604bd99dc124e37e4d72b4b078b82fbb3028491b/src/constants.ts
https://github.com/fossa-contrib/fossa-action/blob/784fe13702de8f8ebc27d23d8ec865e6afb6be01/src/installer.ts
https://github.com/fossa-contrib/fossa-action/blob/784fe13702de8f8ebc27d23d8ec865e6afb6be01/src/index.ts

action-security.yml

name: Fossa Action
github-token:
  action-input:
    input: token
    is-default: true
  permissions:
    contents: read

step-security-bot, Oct 20 '22 15:10

I have taken this issue

sph4674, Oct 20 '22 16:10