[slf4j-dev] [JIRA] Updates for SLF4J-553: Add GitHub token permissions for GitHub Actions workflow
QOS.CH (JIRA)
noreply-jira at qos.ch
Tue Jul 19 17:33:00 CEST 2022
SLF4J / SLF4J-553 [Open]
Add GitHub token permissions for GitHub Actions workflow
==============================
Here's what changed in this issue in the last few minutes.
This issue has been created
This issue is now assigned to you.
View or comment on issue using this link
https://jira.qos.ch/browse/SLF4J-553
==============================
Issue created
------------------------------
Varun Sharma created this issue on 19/Jul/22 5:19 PM
Summary: Add GitHub token permissions for GitHub Actions workflow
Issue Type: Improvement
Assignee: SLF4J developers list
Created: 19/Jul/22 5:19 PM
Environment:
GitHub Action workflow at
https://github.com/qos-ch/slf4j/blob/master/.github/workflows/main.yml
Priority: Major
Reporter: Varun Sharma
Description:
This work has been done as part of PR: [https://github.com/qos-ch/slf4j/pull/293]
GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows
* [https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/]
* [https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token]
* The Open Source Security Foundation (OpenSSF) [Scorecards|https://github.com/ossf/scorecard] treats not setting token permissions as a high-risk issue
==============================
This message was sent by Atlassian Jira (v8.8.0#808000-sha1:e2c7e59)
More information about the slf4j-dev
mailing list