search

graphite-project / graphite-web

A highly scalable real-time graphing system
http://graphite.readthedocs.org/
Apache License 2.0
5.89k stars 1.26k forks source link

chore: Set permissions for GitHub actions #2757

Closed naveensrinivasan closed 2 years ago

naveensrinivasan commented 2 years ago

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

Signed-off-by: naveen 172697+naveensrinivasan@users.noreply.github.com

deniszh commented 2 years ago

Sorry, that change doesn't work, looks like readonly access is not enough.

naveensrinivasan commented 2 years ago

I understand. I am going to close this for now. Thanks