Ensure not using permissions to write all

By specifying the permission within a job definition, you can configure a different set of permissions for the GITHUB_TOKEN for each job. A malicious actor can overwrite the code through writing permissions.

Risk Level: medium
Platform: Github
Spectral Rule ID: GHAC009


Change permissions 'read' or 'none'

Read more: