Restrict job permissions in GitHub actions workflows
Restrict the GitHub token permissions only to the required ones, i.e. just read-only access to the code. This is done in order to reduce the potential harm in case of a malicious pull request, see GitHub blog post at https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes #22574.
parent d5ed77da53
commit 64add326f6
7 changed files with 21 additions and 0 deletions
3
.github/workflows/code_checks.yml
vendored
@ -9,6 +9,9 @@ on:
branches:
- master
permissions:
contents: read
jobs:
check-unix:
runs-on: ubuntu-20.04
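Review bot: the new top-level `permissions:` block in `.github/workflows/code_checks.yml` has no comment explaining its scope, and a block placed above `jobs:` applies to every job in the workflow, not only `check-unix`. Because only `contents: read` is listed, every other token scope is set to none, so a job added later that needs to write (for example to post a status or upload to a release) will fail with a permissions error that is not obvious from the job itself. Suggest a one-line YAML comment above the block stating that this is the workflow-wide default and that a job needing more should declare its own job-level `permissions:` rather than widening this one. It is also worth confirming that each existing job in this file works with a read-only token, since the hunk shows only the start of `check-unix`.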