Ensure GitHub Actions are restricted

GitHub Actions permissions are restricted when allowed_actions is set to selected; this setting implements a whitelist security policy, so only the actions you explicitly allow can run in the repository.

Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD013

REMEDIATION

  1. Change the GitHub Actions restriction setting from 'all'.
  2. Enable the GitHub Actions permissions.
  3. Add restrictions in the GitHub Actions settings.
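
The following script is an added example, not part of the Spectral rule or GitHub's own tooling; it evaluates the JSON returned by GitHub's repository Actions permissions endpoint (GET /repos/{owner}/{repo}/actions/permissions) against this rule and shows the PUT body that applies the remediation. The sample responses are constructed, and treating a disabled or local_only policy as compliant is an assumption of the example, not something the rule text states.

```python
"""Check a repository's GitHub Actions policy against rule GH-HRD013 (allowed_actions == selected)."""
import json
import urllib.request

# Body sent with PUT /repos/{owner}/{repo}/actions/permissions to apply the remediation.
REMEDIATION_BODY = {"enabled": True, "allowed_actions": "selected"}

# Constructed samples shaped like GET /repos/{owner}/{repo}/actions/permissions responses.
SAMPLE_RESTRICTED = {"enabled": True, "allowed_actions": "selected",
                     "selected_actions_url": "https://api.github.com/repos/o/r/actions/permissions/selected-actions"}
SAMPLE_UNRESTRICTED = {"enabled": True, "allowed_actions": "all"}
SAMPLE_DISABLED = {"enabled": False}


def evaluate_actions_policy(perms: dict) -> tuple[bool, str]:
    """Return (compliant, reason) for one permissions response.

    Only allowed_actions == "selected" satisfies the rule as written; Actions being
    disabled entirely, or restricted to local_only, is treated here as at least as
    strict (an assumption of this example, not something the rule text states).
    """
    if not perms.get("enabled", False):
        return True, "Actions is disabled for this repository; no workflows can run"
    allowed = perms.get("allowed_actions")
    if allowed == "selected":
        return True, "whitelist policy enforced (allowed_actions=selected)"
    if allowed == "local_only":
        return True, "only actions defined in this repository or organization may run"
    return False, f"allowed_actions is {allowed!r}: any public action may run"


def fetch_actions_permissions(owner: str, repo: str, token: str) -> dict:
    """Read the live setting via the GitHub REST API (token needs repository admin rights).
    Not called by the sample run below, so the script works offline."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/actions/permissions",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for name, sample in [("restricted", SAMPLE_RESTRICTED), ("unrestricted", SAMPLE_UNRESTRICTED),
                         ("disabled", SAMPLE_DISABLED)]:
        ok, why = evaluate_actions_policy(sample)
        print(f"{name}: {'PASS' if ok else 'FAIL'} - {why}")
```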

SaaS:

In the repository settings on the GitHub site:

  1. Go to 'Actions'.
  2. Go to 'Workflow permissions'.
  3. Click on 'Read repository contents permission'.

Or,

  1. Go to 'Actions'.
  2. Go to 'Workflow permissions'.
  3. Go to 'General actions permissions'.
  4. Go to 'Policies'.
  5. In the list, choose 'All repositories'.

Read more: