Ensure workflows do not use write-all permissions

By specifying permissions within a job definition, you can configure a different set of permissions for the GITHUB_TOKEN for each job. If the token has write permissions, a malicious actor can use it to overwrite the code.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GHAC009

REMEDIATION

Change the permissions to 'read' or 'none'.
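
An added example, not part of the original rule text: a workflow with the flagged setting, followed by a corrected form that keeps the default read-only and grants write to one job for one scope. The workflow, job and step contents are constructed for illustration.

```yaml
# Flagged (constructed example): GITHUB_TOKEN is writable on every scope, for every job
name: ci
on: push
permissions: write-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
---
# Corrected (constructed example): read-only default, write scoped to the job that needs it
name: ci
on: push
permissions:
  contents: read            # workflow-wide default; scopes not listed are set to 'none'
jobs:
  test:
    runs-on: ubuntu-latest  # inherits contents: read from the workflow level
    steps:
      - uses: actions/checkout@v4
      - run: make test
  release:
    if: startsWith(github.ref, 'refs/tags/v')
    needs: test
    runs-on: ubuntu-latest
    permissions:            # a job-level block replaces the workflow-level one for this job
      contents: write       # the only write scope this job requires
    steps:
      - run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
          GH_REPO: ${{ github.repository }}
```

A job that never calls the GitHub API can go further and set `permissions: {}`, which gives its token no access at all.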
