Closed ceki closed 2 years ago
Related issue submitted to SLF4J/logback projects by @varunsh-coder Varun Sharma varunsh@stepsecurity.io
GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows.
See: GitHub Actions: Control permissions for GITHUB_TOKEN About the GITHUB_TOKEN secret
The Open Source Security Foundation (OpenSSF) Scorecards treats not setting token permissions as a high-risk issue
Fixed in baf4eab6
Related issue submitted to SLF4J/logback projects by @varunsh-coder Varun Sharma varunsh@stepsecurity.io
GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows.
See: GitHub Actions: Control permissions for GITHUB_TOKEN About the GITHUB_TOKEN secret
The Open Source Security Foundation (OpenSSF) Scorecards treats not setting token permissions as a high-risk issue