Set minimum permissions to workflows #132

gabibguti · 2023-03-20T13:28:56Z

Setting minimum permissions to workflows is important to keep your repository safe against supply-chain attacks. I would like us to enforce least privilege access to workflows in the repository, similar to uber-go/multierr#76. The minimum permissions for the workflows, fossa.yaml and go.yml, would be contents: read. Let me know if you agree with the changes and if you'd like to implement them, as done in uber-go/multierr, or otherwise I'm available to implement too.

Additional context

I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)

The text was updated successfully, but these errors were encountered:

Set only read permission on CI workflows since they don't need write access. Fixes uber-go#132.

Set only read permission on CI workflows since they don't need write access. Fixes #132.

sywhang added a commit to sywhang/atomic that referenced this issue Mar 20, 2023

Minimize permissions to CI workflows

49806f2

Set only read permission on CI workflows since they don't need write access. Fixes uber-go#132.

sywhang mentioned this issue Mar 20, 2023

Minimize permissions to CI workflows #133

Merged

r-hang closed this as completed in #133 Mar 20, 2023

r-hang pushed a commit that referenced this issue Mar 20, 2023

Minimize permissions to CI workflows (#133)

544d6aa

Set only read permission on CI workflows since they don't need write access. Fixes #132.

gabibguti mentioned this issue Apr 4, 2023

Add Security Policy #134

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set minimum permissions to workflows #132

Set minimum permissions to workflows #132

gabibguti commented Mar 20, 2023

Set minimum permissions to workflows #132

Set minimum permissions to workflows #132

Comments

gabibguti commented Mar 20, 2023

Additional context