At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of permissions needed by different GitHub Actions. When developers try to remediate ossf/Scorecards checks, they use the knowledge-base to secure their GitHub Workflows.
Below you can see the KB of this action.
name: 'GitHub Action for git commit' # ljharb/actions-js-build/commit
# GITHUB_TOKEN not used
This issue is automatically created by our analysis bot, feel free to close after reading :)
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of permissions needed by different GitHub Actions. When developers try to remediate ossf/Scorecards checks, they use the knowledge-base to secure their GitHub Workflows. Below you can see the KB of this action.
This issue is automatically created by our analysis bot, feel free to close after reading :)