Set top level permissions to cifuzz workflow #3317

Closed
joycebrum opened this issue Feb 24, 2023 · 1 comment · Fixed by #3328

Comments

@joycebrum

Hi I'm from Google and the OpenSSF and I work on helping open source projects to increase their supply chain security.

The problem

A quick explanation of the problem: GitHub workflows by default grant all write permissions to GITHUB_TOKEN, which could be exploited by an attacker if the workflow got compromised.

It is the default behavior of GitHub workflows to grant write access for every permission scope, so both OpenSSF Scorecard and GitHub recommend always using credentials that are minimally scoped.

Description

I've noticed that all the other workflows except cifuzz are using minimally scoped permissions, which is really great to see! I would like to suggest a PR to also set the permissions for cifuzz. Let me know if the PR is welcome.
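
The change being proposed, as an added example that is not the project's own cifuzz workflow (the real file and the contents of the fixing PR are not shown on this page). The job steps follow the standard CIFuzz template from google/oss-fuzz, the action paths are the ones that template uses, and the OSS-Fuzz project name is a placeholder:

```yaml
# Added example, not the project's cifuzz.yml. Action paths are the standard
# CIFuzz ones from google/oss-fuzz; 'example-project' is a placeholder.
name: CIFuzz

on:
  pull_request:
    branches: [master]

# Without this top-level block the workflow inherits the repository-level
# default for GITHUB_TOKEN, which the issue above describes as write access to
# every scope (contents, packages, pull-requests, ...). Declaring it here
# gives every job in the file exactly the listed scopes and nothing else.
# CIFuzz only needs to fetch and build the source, so contents:read suffices.
permissions:
  contents: read

jobs:
  Fuzzing:
    runs-on: ubuntu-latest
    steps:
      - name: Build Fuzzers
        id: build
        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
        with:
          oss-fuzz-project-name: 'example-project'   # placeholder
          language: c++
      - name: Run Fuzzers
        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
        with:
          oss-fuzz-project-name: 'example-project'   # placeholder
          language: c++
          fuzz-seconds: 300
      - name: Upload Crash
        uses: actions/upload-artifact@v3
        if: failure() && steps.build.outcome == 'success'
        with:
          name: artifacts
          path: ./out/artifacts
```

An explicit `permissions:` key overrides the repository's "Workflow permissions" setting, so the workflow stays least-privilege even if that setting is later loosened or differs between forks. If one job genuinely needs a wider scope, declare a `permissions:` block on that job alone; a job-level block replaces the top-level one for that job only, so the other jobs keep `contents: read`.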

@vitaut
Contributor

vitaut commented Feb 24, 2023

Thanks for bringing this to our attention. A PR is definitely welcome!
