logback / LOGBACK-1648 [Open] Add GitHub token permissions for GitHub Actions workflow
==============================
View or comment on issue using this link
https://jira.qos.ch/browse/LOGBACK-1648
==============================

Issue created
------------------------------
Varun Sharma created this issue on 19/Jul/22 7:16 PM

Summary:      Add GitHub token permissions for GitHub Actions workflow
Issue Type:   Improvement
Assignee:     Logback dev list
Created:      19/Jul/22 7:16 PM
Environment:  https://github.com/qos-ch/logback/blob/master/.github/workflows/main.yml
Priority:     Major
Reporter:     Varun Sharma

Description:
This work has been done as part of PR: https://github.com/qos-ch/logback/pull/579

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows
* [https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/]
* [https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token]
* The Open Source Security Foundation (OpenSSF) [Scorecards|https://github.com/ossf/scorecard] treats not setting token permissions as a high-risk issue
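
An added example, not part of the original issue, the linked PR or the logback repository: a simplified check for the condition the issue describes, run over a constructed sample workflow before and after a read-only `permissions` default is added. The workflow contents and the `audit` function are hypothetical, and the check assumes block-style YAML with uniform indentation; it is not Scorecard's own logic.

```python
import re

# Constructed sample workflow, not logback's actual main.yml.
UNRESTRICTED = """\
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: mvn -B verify
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # job-level grant for the one job that pushes
    steps:
      - run: echo publish
"""
# The kind of change the issue asks for: a read-only default at workflow level.
RESTRICTED = UNRESTRICTED.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)
KEY = re.compile(r"^( *)([A-Za-z_][\w-]*):\s*(.*)$")

def audit(text):
    """Findings per job; [] means every token is scoped. Assumes uniform block-style YAML."""
    top, jobs, findings = None, {}, []   # top-level value; job name -> its own value
    section = job = job_indent = None
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:
            continue                     # list items and blank lines carry no mapping key
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:
            section = key
            if key == "permissions":
                top = value or "block"
        elif section == "jobs":
            job_indent = job_indent or indent
            if indent == job_indent:
                job = key
                jobs[job] = None
            elif key == "permissions" and indent == 2 * job_indent:
                jobs[job] = value or "block"
    for name, own in jobs.items():
        effective = own or top           # a job-level key replaces the workflow default
        if effective is None:
            findings.append(f"{name}: no permissions key, token gets the repository default")
        elif effective == "write-all":
            findings.append(f"{name}: permissions set to write-all")
    return findings
```

Calling `audit(UNRESTRICTED)` flags only the `build` job, because `publish` already declares its own permissions; `audit(RESTRICTED)` returns no findings.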