census-instrumentation / opencensus-java

A stats collection and distributed tracing framework
https://opencensus.io
Apache License 2.0

Set up Github Workflow permissions #2108

Open joycebrum opened 1 year ago

joycebrum commented 1 year ago

NB: Before opening a feature request against this repo, consider whether the feature should be available across all languages in the OpenCensus libraries. If so, please open an issue on opencensus-specs first.

No need to be available across all languages.

Is your feature request related to a problem? If so, please describe it.

Hi, I'm opening this issue on behalf of Google and the OpenSSF.

There is a known risky behavior of GitHub Workflows: all permissions are set to write if none are specified. Thus, it is a recommendation from both OpenSSF Scorecard and GitHub to always use credentials that are minimally scoped.

Describe the solution you'd like.

I would like to suggest a PR defining the top-level permission as read-only and the run-level permissions as needed in all the project's workflows.

Let me know if the PR is welcome.

Describe alternatives you've considered.

None.

Additional context.

None.
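The layout the issue proposes (read-only token at the top level, write scopes only on the jobs that need them), shown as an added example that is not one of opencensus-java's own workflow files; the workflow name, job names, branch, Gradle tasks and the release trigger are assumptions made for illustration:

```yaml
# Added example; not a workflow from the opencensus-java repository.
# Job names, steps, branch and the release trigger are assumptions.
name: ci

on:
  pull_request:
  push:
    branches: [master]

# Top-level default for every job that does not override it: the
# GITHUB_TOKEN may read repository contents and nothing else.
# Without a permissions block the token falls back to the repository
# default, which (unless changed in Settings) is write on most scopes.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Inherits contents: read from the top level; no override needed.
    steps:
      - uses: actions/checkout@v4
      - run: ./gradlew build   # assumed build task

  release:
    # Only this job publishes, so only this job widens the scope.
    # A job-level block REPLACES the top-level set rather than extending
    # it, so every scope the job needs must be listed here explicitly.
    if: startsWith(github.ref, 'refs/tags/')
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write   # create the release / upload assets
      packages: write   # publish to GitHub Packages (assumed target)
    steps:
      - uses: actions/checkout@v4
      - run: ./gradlew publish   # assumed publish task
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Scorecard's Token-Permissions check flags a workflow whose top level grants write access or declares no permissions at all, so adding the top-level read-only block is what moves the score, while the job-level blocks keep the publishing job working.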