Add minimum permissions to workflow #118

Closed
gabibguti opened this issue Feb 24, 2023 · 2 comments · Fixed by #119

Comments

@gabibguti
Contributor

Adding minimum permissions to your workflows helps keep your repository safe against supply-chain attacks. I see the repo only uses one workflow, test.yml, for testing, and this workflow just needs contents: read permission to run actions/checkout. If you agree with these changes, I can open a PR!

This is considered good practice and recommended by GitHub itself and other security tools, such as Scorecards and StepSecurity.

Additional context

I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
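
Added example, not part of the issue or the project's code: a small check that reports workflow jobs whose GITHUB_TOKEN falls back to the repository default because no permissions block is set, run on a workflow before and after the change proposed above. The sample workflow, the `make test` step and the function name `audit_permissions` are constructed for illustration; the scan is a simplified line-based heuristic that assumes block-style YAML with 2-space indentation.

```python
import re

# Constructed sample workflow, not the repository's actual test.yml.
BEFORE = """\
name: test
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: make test
"""
# The same workflow with the top-level block proposed in the issue.
AFTER = BEFORE.replace("jobs:\n", "permissions:\n  contents: read\n\njobs:\n", 1)


def audit_permissions(workflow_text):
    """List GITHUB_TOKEN permission findings for one workflow file.

    Simplified line scan (assumption): block-style YAML, 2-space indentation.
    """
    findings, jobs = [], {}
    top_level = in_jobs = False
    current = None
    for ln in workflow_text.splitlines():
        if not ln.strip() or ln.lstrip().startswith("#"):
            continue
        # Heuristic: flag write-all and any indented `key: write` line.
        if re.match(r"\s*permissions:\s*write-all\s*$", ln):
            findings.append("write-all grants every scope write access")
        elif re.match(r"\s+[\w-]+:\s*write\s*$", ln):
            findings.append("write scope granted: " + ln.strip())
        if not ln[0].isspace():  # top-level key
            top_level = top_level or ln.startswith("permissions:")
            in_jobs, current = ln.startswith("jobs:"), None
        elif in_jobs:
            job = re.match(r"  ([\w-]+):\s*$", ln)
            if job:  # job name, indented 2 spaces under jobs:
                current = job.group(1)
                jobs[current] = False
            elif current and re.match(r"    permissions:", ln):
                jobs[current] = True
    if not top_level:
        findings += [f"job '{name}': no permissions block, token gets the "
                     "repository default" for name, has in jobs.items() if not has]
    return findings
```

Once any permission is listed in the block, scopes that are not listed are set to none, so `contents: read` alone leaves the token with read access to repository contents and nothing else.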

@willf
Collaborator

willf commented Feb 24, 2023

I like it!

@lemire
Member

lemire commented Feb 24, 2023

It is not controversial.

Go !!!
