Ensure the GitHub action is restricted
GitHub Actions permissions are restricted when allowed_actions is set to selected, which implements a whitelist (allow-list) security policy: only the actions explicitly approved in the list can run in the repository. Any other value fails this rule.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD013
REMEDIATION
- Change the GitHub action restrictions from 'all'.
- Enable the GitHub action permissions.
- Add restrictions to the GitHub Actions settings.
SaaS:
In the repository settings on the GitHub site:
- Go to 'Actions'.
- Go to 'Workflow permissions'.
- Click on 'Read repository contents permission'.
Or,
- Go to 'Actions'.
- Go to 'Workflow permissions'.
- Go to 'General actions permissions'.
- Go to 'Policies'.
- In the list, choose 'All repositories'.
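To audit this setting outside the web UI, the same policy can be read from GitHub's REST API (GET /repos/{owner}/{repo}/actions/permissions and, when allowed_actions is "selected", GET /repos/{owner}/{repo}/actions/permissions/selected-actions). The check below is an added example, not Spectral's own rule implementation; the API responses it evaluates are constructed samples, and the owner and repository names in them are placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass, field
import json

# Constructed sample responses, shaped like the JSON GitHub returns from
# GET /repos/{owner}/{repo}/actions/permissions and
# GET /repos/{owner}/{repo}/actions/permissions/selected-actions.
UNRESTRICTED_REPO = json.loads('{"enabled": true, "allowed_actions": "all"}')
RESTRICTED_REPO = json.loads(
    '{"enabled": true, "allowed_actions": "selected", "selected_actions_url": '
    '"https://api.github.com/repos/example-org/example-repo/actions/permissions/selected-actions"}')
RESTRICTED_ALLOWLIST = json.loads(
    '{"github_owned_allowed": true, "verified_allowed": false, '
    '"patterns_allowed": ["example-org/*", "docker/login-action@*"]}')


@dataclass
class Finding:
    status: str                 # "pass" or "fail" against GH-HRD013
    reason: str
    allowed: list[str] = field(default_factory=list)  # what the allow-list admits


def evaluate_actions_policy(permissions: dict, selected: dict | None = None) -> Finding:
    """Apply GH-HRD013 to a repository's Actions permissions (plus its allow-list)."""
    if not permissions.get("enabled", False):
        # Actions disabled entirely: no workflow can run, so nothing is unrestricted.
        return Finding("pass", "Actions are disabled for this repository")
    allowed_actions = permissions.get("allowed_actions")
    if allowed_actions == "all":
        return Finding("fail", "allowed_actions is 'all': any third-party action may run")
    if allowed_actions == "local_only":
        # Only actions defined in this repository/organisation may run: stricter than 'selected'.
        return Finding("pass", "allowed_actions is 'local_only': stricter than 'selected'")
    if allowed_actions != "selected":
        return Finding("fail", f"unrecognised allowed_actions value {allowed_actions!r}")
    if selected is None:
        # 'selected' without a readable allow-list cannot be verified; treat as a failure.
        return Finding("fail", "allowed_actions is 'selected' but the allow-list could not be read")
    allowed = []
    if selected.get("github_owned_allowed"):
        allowed.append("<GitHub-owned actions>")
    if selected.get("verified_allowed"):
        allowed.append("<verified-creator actions>")
    allowed.extend(selected.get("patterns_allowed", []))
    return Finding("pass", "allowed_actions is 'selected': allow-list policy in force", allowed)


if __name__ == "__main__":
    print(evaluate_actions_policy(UNRESTRICTED_REPO))
    print(evaluate_actions_policy(RESTRICTED_REPO, RESTRICTED_ALLOWLIST))
```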