talend-allstar-instance[bot]
commented
1 year ago Reopening issue. See its status below.
Project is out of compliance with Security Scorecards policy
Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
Results from policy: Token-Permissions : non read-only tokens detected in GitHub workflows
- .github/workflows/main.yml[1]:no topLevel permission defined
- .github/workflows/main.yml[1]:not a publishing workflow: .github/workflows/main.yml
- .github/workflows/main.yml[1]:not a releasing workflow: .github/workflows/main.yml
- .github/workflows/main.yml[1]:not a GitHub Pages deployment workflow: .github/workflows/main.yml
- .github/workflows/main.yml[1]:not a codeql workflow
- .github/workflows/main.yml[1]:not a codeql upload SARIF workflow
- .github/workflows/main.yml[9]:no jobLevel permission defined
This issue was automatically created by Allstar.
Security Policy Violation Project is out of compliance with Security Scorecards policy
Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
Results from policy: Token-Permissions : non read-only tokens detected in GitHub workflows
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.