.github: workflows: restrict top-level workflow permissions

OFS / linux-dfl-backport

Backport version of the linux-dfl (Device Feature List) kernel driver for FPGA devices. This is an out-of-tree driver, designed to be built, packaged, and installed as a stand-alone set of driver modules.

GNU General Public License v2.0

3 stars 11 forks source link

.github: workflows: restrict top-level workflow permissions #139

Closed pcolberg closed 2 months ago

pcolberg commented 2 months ago

Only permit reading the repository contents by default, and set further privileges at the job level to satisfy OpenSSF Scorecard criteria.

Link: https://github.com/ossf/scorecard/blob/9ff40de429d0c7710076070387c8755494a9f187/docs/checks.md#token-permissions Link: https://securityscorecards.dev/viewer/?uri=github.com/OFS/linux-dfl-backport