Varun Sharma

icon indicating a website link https://www.stepsecurity.io

icon company StepSecurity icon location Seattle, WA icon location CEO/Co-Founder @step-security

Results 62 issues of Varun Sharma

Investigate checkspelling token leak

https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md

incident

Add info about secure workflow website - action pinning

Add info about secure workflow website - token perms

Add Harden Runner GitHub Action

Please add the Harden Runner GitHub Action https://github.com/step-security/harden-runner to the awesome-actions list. Thanks!

ci: add minimum GitHub token permissions for workflows

1 comment

### Description This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using https://github.com/step-security/secure-workflows. GitHub Actions workflows have a GITHUB_TOKEN with `write` access to multiple scopes. Here...

size/S
area/github

ci: add minimum GitHub token permissions for workflows

### Description This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using https://github.com/step-security/secure-workflows. GitHub Actions workflows have a GITHUB_TOKEN with `write` access to multiple scopes. Here...

[GitHub] Add minimum GitHub token permission for workflow

1 comment

## Description This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using https://github.com/step-security/secure-workflows. All GitHub Actions workflows have a GITHUB_TOKEN with `write` access to multiple scopes....

Add minimum GitHub token permissions for workflows

## Description This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using https://github.com/step-security/secure-workflows. GitHub Actions workflows have a GITHUB_TOKEN with `write` access to multiple scopes. Here...

ci: add GitHub token permissions for workflows

3 comment

This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using https://github.com/step-security/secure-workflows. GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows - https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ - https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token...

ci: add GitHub token permissions for workflow

2 comment

This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using https://github.com/step-security/secure-workflows. GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows - https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ - https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token...

CLA Signed