Ensure not using pull_request_target event
For workflows that are triggered by the pull_request_target event, the GITHUB_TOKEN is granted read/write repository permission unless the permissions key is specified, and the workflow can access secrets, even when it is triggered from a fork.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GHAC006
REMEDIATION
Remove the pull_request_target event
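A minimal check in the spirit of this rule, added here as an example and not Spectral's own rule code: it reads the top-level `on:` key of a workflow file and reports whether `pull_request_target` is a trigger and whether a top-level `permissions` key is present. The function names and the sample workflow fragments are constructed for illustration.

```python
import re

EVENT = "pull_request_target"
NAME = re.compile(r"[A-Za-z_]+")

def on_events(text):
    """Collect event names from the top-level `on:` key of a workflow file."""
    events, in_on, child_indent = set(), False, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # naive comment strip
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        top = re.match(r"""["']?on["']?\s*:(.*)$""", line)
        if top:                                    # on: x | on: [x, y] | on:
            in_on, child_indent = True, None
            events.update(NAME.findall(top.group(1)))
            continue
        if not in_on:
            continue
        if indent == 0 and not line.startswith("-"):
            in_on = False                          # next top-level key ends the block
            continue
        if child_indent is None:
            child_indent = indent
        if indent == child_indent:                 # direct child of on: is an event
            events.update(NAME.findall(line)[:1])
    return events

def check(text):
    """Return a finding dict if the workflow uses the event, else None."""
    if EVENT not in on_events(text):
        return None
    # Top-level key only; job-level permissions are not inspected here.
    has_perms = re.search(r"^permissions\s*:", text, re.M) is not None
    return {"event": EVENT, "permissions_key": has_perms}

# Constructed sample workflow fragments, not taken from any real repository.
FLAGGED = """on:
  pull_request_target:
    types: [opened]
jobs: {}
"""
CLEAN = """on: [push, pull_request]
permissions:
  contents: read
env:
  NOTE: pull_request_target appears here only as a value
"""
```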
Updated about 1 year ago