Hey! Friendly ping here. This issue has been idle for quite some time. Do you plan on considering these changes? Otherwise we can close it as not planned. I will wait up to 2 more months to close the issue. Thanks!
Hi! GitHub provides a setting in the repository to set restricted permissions when running workflows. Granting minimum access is a good security standard in general, but it's especially important in this case since workflows are granted higher permissions by default. Some permissions allow, for example, deleting your source code and publishing releases. That's why setting restricted permissions is a small but important addition.
If you agree to enable this setting, you can do so by following these instructions on setting restricted permissions when running workflows.
Additional context
This setting is considered good practice and recommended by some security tools, such as Scorecards and StepSecurity.
My name is Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
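As an added illustration (not part of the issue above, and not this repository's own workflow), the same least-privilege effect can be expressed per workflow with the top-level `permissions:` key, which is what Scorecard's Token-Permissions check looks for. The job and step names below are placeholders; the one job that genuinely needs to publish a release asks for `contents: write` on its own, while every other job runs with a read-only `GITHUB_TOKEN`:

```yaml
# Added example: a release workflow with a read-only GITHUB_TOKEN by default.
# Names such as "build" and "release" are placeholders, not the project's real jobs.
name: ci

on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:

# Workflow-wide default: the token can only read repository contents.
# Any permission not listed here is set to "none" for every job.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Inherits the read-only default above; no write scope is available here,
    # so a compromised step or action cannot push, delete branches or publish.
    steps:
      - uses: actions/checkout@v4
      - run: make test

  release:
    # Only runs for version tags, and only this job is allowed to write.
    if: startsWith(github.ref, 'refs/tags/v')
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write   # required to create the GitHub release; nothing else
    steps:
      - uses: actions/checkout@v4
      - run: gh release create "${GITHUB_REF_NAME}" --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
```

The repository-level "Read repository contents and packages permissions" setting from the issue is the safety net for workflows that omit a `permissions:` block; the explicit block is what makes the intended scope reviewable in the pull request that changes it.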