Closed raima-zachariah closed 3 years ago
The API token exposed is a push only API token that was exposed to resolve issue #62.
The API token will be restricted from reading anything about the project or editing existing information. https://docs.fossa.com/docs/api-reference#push-only-api-token
Thank you for the response with the clarification.
It has been noticed that while using fossa-contrib/fossa-action@v1 your fossa-api-key e389dc57bff085a023f902db8e9854cb is present in plaintext. Please ensure that secrets are encrypted or not passed as plain text in github workflows.