Hi, as mentioned through email, this PR solves the Token-Permissions check.
The security reason for specifying the permissions for the workflows is that GitHub, by default, grants write-all permission, which could be exploited if the workflow got compromised.
Thus, it is a recommendation from both OpenSSF Scorecard and GitHub to always use credentials that are minimally scoped.
Workflow run with minimal permission: