step-security / secure-repo

Orchestrate GitHub Actions Security
https://app.stepsecurity.io
GNU Affero General Public License v3.0

[KB] Add GitHub token permissions for zaproxy/action-full-scan Action #1173

Closed step-security-bot closed 2 years ago

step-security-bot commented 2 years ago

Knowledge Base is missing for zaproxy/action-full-scan.

step-security-bot commented 2 years ago

Analysis

Action Name: zaproxy/action-full-scan
Action Type: Node
GITHUB_TOKEN Matches: token,TOKEN,GITHUB_TOKEN,Token
Top language: JavaScript
Stars: 165
Private: false
Forks: 38

Endpoints Found

Endpoint Permission

FollowUp Links.

https://github.com/zaproxy/action-full-scan/blob/6eade0f93b10fad8cfb4e63b979703a2cbd0cc98/index.js

action-security.yml

name: 'OWASP ZAP Full Scan'
github-token:
  action-input:
    input: token
    is-default: true
  permissions: