search

score-spec / score-go

Reference library for parsing and loading Score files
Apache License 2.0
26 stars 6 forks source link

Update ci.yml - explicit contents read permission #63

Closed mathieu-benoit closed 3 days ago

mathieu-benoit commented 3 days ago

Token-Permissions OpenSSF Scorecard check

Reason: detected GitHub workflow tokens with excessive permissions

Warn: no topLevel permission defined: .github/workflows/ci.yml:1: Visit https://app.stepsecurity.io/secureworkflow/score-spec/score-go/ci.yml/main?enable=permissions
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options