akheron / jansson

C library for encoding, decoding and manipulating JSON data
http://www.digip.org/jansson/

feat: Add minimum permissions to workflows #643

Closed gabibguti closed 10 months ago

gabibguti commented 1 year ago

Adding minimum permissions to GitHub workflows is important to protect your repository against supply-chain attacks. The fuzz.yml workflow just needs the minimum permission contents: read, and tests.yml needs a special permission only for the coveralls job. By default, GitHub gives higher permissions to workflows but recommends adjusting them.

This is considered good practice and is also recommended by other security tools, such as Scorecards and StepSecurity.

Additional Context

I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :) If you agree with the changes, I can open a PR.
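An added example, not code from the jansson repository or from the issue author, contrasting a workflow that leaves the GITHUB_TOKEN at its default scopes with one that pins contents: read at the top level and widens it for a single job, plus a small shell check that reports whether each file declares the top-level key. Both workflow files are constructed here; the extra scope the coveralls job needs is left as a labelled assumption because the issue does not name it.

```shell
#!/bin/sh
# Added example (not from the jansson repo): a workflow that relies on the
# default GITHUB_TOKEN permissions next to one that declares least privilege,
# and a check for the top-level `permissions:` key in each file.

set -eu

WORKDIR="$(mktemp -d)"

# Constructed "before": no permissions block, so every job gets the default token scopes.
cat > "$WORKDIR/before.yml" <<'EOF'
name: tests
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cmake . && make && ctest
EOF

# Constructed "after": read-only token for the whole workflow, widened only for one job.
cat > "$WORKDIR/after.yml" <<'EOF'
name: tests
on: [push, pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cmake . && make && ctest
  coveralls:
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
      # assumption: the single extra scope the coverage upload step documents
      # is added here, so no other job in the workflow receives it
    steps:
      - uses: actions/checkout@v4
      - run: echo "coverage upload would run here"
EOF

# Exit 0 when the file declares a top-level (column-0) permissions key.
workflow_has_permissions() {
  grep -q '^permissions:' "$1"
}

# Print how many jobs override the token scopes with their own permissions block.
count_job_permissions() {
  grep -c '^    permissions:' "$1" || true
}

for f in before.yml after.yml; do
  if workflow_has_permissions "$WORKDIR/$f"; then
    echo "$f: top-level permissions declared, $(count_job_permissions "$WORKDIR/$f") job(s) override it"
  else
    echo "$f: no top-level permissions; every job gets the default GITHUB_TOKEN scopes"
  fi
done
```

The grep checks are deliberately crude (column-0 and four-space indentation as written in the constructed files); for real repositories, Scorecard's Token-Permissions check does the same inspection with a YAML parser.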

gabibguti commented 1 year ago

Hi! Friendly ping here. This issue has been idle for quite some time. Do you plan on considering these changes? If yes, please let me know! Otherwise I will wait up to 2 more months to close the issue. Thanks!

gabibguti commented 10 months ago

Hey! Just to let you know I'm closing this issue. If you want to consider this change, please reopen :)