Joomla! Issue Tracker | Joomla! CMS #38144 - chore: Set permissions for GitHub actions

Fixed in Code Base
27 Jun 2022
Medium
Build: 4.2-dev
# 38144
Diff
turrisxyz:Pinned-Dependencies-GitHub

Pending

User tests: Successful: Unsuccessful:

nathannaveen
26 Jun 2022

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

Signed-off-by: nathannaveen 42319948+nathannaveen@users.noreply.github.com

612e367 26 Jun 2022

chore: Set permissions for GitHub actions

nathannaveen - open - 26 Jun 2022

nathannaveen - change - 26 Jun 2022

Status

New

⇒

Pending

joomla-cms-bot - change - 26 Jun 2022

Category

⇒

Repository

HLeithner - close - 27 Jun 2022

HLeithner - merge - 27 Jun 2022

HLeithner - change - 27 Jun 2022

Status	Pending	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2022-06-27 13:01:06
Closed_By		⇒	HLeithner
Labels	Added: ?

HLeithner - comment - 27 Jun 2022

Thanks

richard67 - comment - 27 Jun 2022

I've reviewed the PR and the linked docs, too, and approve the changes.

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#38144] - chore: Set permissions for GitHub actions

Add a Comment