[logback-dev] [JIRA] Updates for LOGBACK-1648: Add GitHub token permissions for GitHub Actions workflow
QOS.CH (JIRA)
noreply-jira at qos.ch
Tue Jul 19 19:28:00 CEST 2022
logback / LOGBACK-1648 [Open]
Add GitHub token permissions for GitHub Actions workflow
==============================
Here's what changed in this issue in the last few minutes.
This issue has been created
This issue is now assigned to you.
View or comment on issue using this link
https://jira.qos.ch/browse/LOGBACK-1648
==============================
Issue created
------------------------------
Varun Sharma created this issue on 19/Jul/22 7:16 PM
Summary: Add GitHub token permissions for GitHub Actions workflow
Issue Type: Improvement
Assignee: Logback dev list
Created: 19/Jul/22 7:16 PM
Environment: https://github.com/qos-ch/logback/blob/master/.github/workflows/main.yml
Priority: Major
Reporter: Varun Sharma
Description:
This work has been done as part of PR: https://github.com/qos-ch/logback/pull/579
GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows.
* [https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/]
* [https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token]
* The Open Source Security Foundation (OpenSSF) [Scorecards|https://github.com/ossf/scorecard] treats not setting token permissions as a high-risk issue
==============================
This message was sent by Atlassian Jira (v8.8.0#808000-sha1:e2c7e59)