qos-ch / slf4j

Simple Logging Facade for Java
http://www.slf4j.org
MIT License

ci: add GitHub token permissions for workflow #293

Closed varunsh-coder closed 2 years ago

varunsh-coder commented 2 years ago

This PR adds minimum token permissions for the GITHUB_TOKEN using https://github.com/step-security/secure-workflows.

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows.

This project is part of the top 100 critical projects as per OpenSSF (https://github.com/ossf/wg-securing-critical-projects), so fixing the token permissions to improve security.

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
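
An added example, not part of this pull request or the slf4j repository: a small Python scan that lists the jobs in a workflow file that have neither a workflow-level nor a job-level `permissions` key and so run with the repository-default GITHUB_TOKEN permissions. The sample workflow, the `contents: read` setting and the function name `jobs_with_default_token` are constructed assumptions.

```python
import re

# Constructed sample workflow (not taken from the slf4j repository).
UNRESTRICTED = """\
name: build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: mvn -B verify
"""
# Same workflow with a workflow-level, read-only token (assumed minimum).
RESTRICTED = UNRESTRICTED.replace("jobs:", "permissions:\n  contents: read\njobs:")


def jobs_with_default_token(workflow_text):
    """Return names of jobs that have no workflow-level and no job-level
    `permissions` key, so they get the repository-default GITHUB_TOKEN scope.
    Line-based scan assuming two-space indentation; not a full YAML parser."""
    top_level = False   # workflow-level `permissions:` seen
    in_jobs = False     # currently inside the top-level `jobs:` mapping
    jobs = {}           # job name -> True if it declares its own permissions
    current = None
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key = re.match(r"\s*([\w.-]+)\s*:", line)
        name = key.group(1) if key else None
        if indent == 0:
            in_jobs = name == "jobs"
            top_level = top_level or name == "permissions"
        elif in_jobs and indent == 2 and name:
            current = name
            jobs[current] = False
        elif in_jobs and indent == 4 and name == "permissions" and current:
            jobs[current] = True
    if top_level:
        return []
    return [job for job, has_own in jobs.items() if not has_own]


if __name__ == "__main__":
    print("unrestricted:", jobs_with_default_token(UNRESTRICTED))
    print("restricted:  ", jobs_with_default_token(RESTRICTED))
```
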

varunsh-coder commented 2 years ago

Created JIRA issue as per README file: https://jira.qos.ch/browse/SLF4J-553

varunsh-coder commented 2 years ago

Thanks @ceki! I had also created a PR for the logback project: https://github.com/qos-ch/logback/pull/579