Ensure not using pull_request_target event
For workflows that are triggered by the pull_request_target event, the GITHUB_TOKEN is granted read/write repository permission unless the permissions key is specified, and the workflow can access secrets, even when it is triggered from a fork.
Risk Level: medium
Platform: Github
Spectral Rule ID: GHAC006
REMEDIATION
Remove pull_request_target
event
Read more:
Updated over 1 year ago