Skip to content

Commit 046a0e2

Browse files
naveensrinivasannaveensrinivasan
authored
Set permissions for GitHub actions (#1838)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. Signed-off-by: naveensrinivasan <[email protected]>
1 parent 0ac3035 commit 046a0e2

File tree

2 files changed

+6
-0
lines changed

2 files changed

+6
-0
lines changed

.github/workflows/build-dev.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,9 @@ on:
1212
tags:
1313
- '*'
1414

15+
permissions:
16+
contents: read
17+
1518
jobs:
1619
nuget:
1720
runs-on: ubuntu-latest

.github/workflows/pull-request.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@ name: Build and test PRs
22

33
on: [pull_request]
44

5+
permissions:
6+
contents: read
7+
58
jobs:
69
test:
710
runs-on: windows-latest

0 commit comments

Comments
 (0)