search

openwall / john-packages

Community packages of John the Ripper, the auditing tool and advanced offline password cracker (Docker images, Windows PortableApp, Mac OS, Flatpak, and Ubuntu SNAP packages)
https://www.openwall.com/john/
GNU General Public License v2.0
104 stars 18 forks source link

[StepSecurity] ci: Harden GitHub Actions #619

Closed step-security-bot closed 1 week ago

step-security-bot commented 1 week ago

Summary

This pull request is created by StepSecurity at the request of @claudioandre-br. Please merge the Pull Request to incorporate the requested changes. Please tag @claudioandre-br on your message if you have any questions related to the PR.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN.

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

claudioandre-br commented 1 week ago

mergeStateStatus is UNKNOWN. GUI is clean.

claudioandre-br commented 1 week ago

It works the way it was designed. The bot should only be run in trial mode.