Ensure not using permissions to write all
By specifying 'permissions' within a job definition, you can configure a different set of permissions for the GITHUB_TOKEN for each job. Setting it to 'write-all' grants the token write access to every scope, so a malicious actor who gains control of the workflow can overwrite repository code through those write permissions.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GHAC009
REMEDIATION
Change the permissions from 'write-all' to 'read' or 'none'.
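As an added example (not Spectral's rule implementation and not part of the original page), the following Python check reads a GitHub Actions workflow and reports every 'permissions: write-all', whether it sits at the workflow level or inside a job under 'jobs:'. The two embedded workflows are constructed for this example: the first grants 'write-all' at both levels, the second applies the remediation with 'read-all' as the workflow-wide default and a single scoped permission on the one job that needs it. The function name and the line-based parsing are this example's own assumptions, not a GitHub or Spectral API.

```python
"""Detect `permissions: write-all` in a GitHub Actions workflow (GHAC009).

Added example, not Spectral's own implementation. The check walks the
workflow line by line and tracks whether a `permissions:` key belongs to
the workflow or to a job, so it needs no YAML library. Assumption:
block-style YAML as written by hand or by GitHub's starter templates;
flow mappings and anchors are out of scope.
"""
import re
from typing import List, Optional, Tuple

# `permissions:` followed by a single scalar (or nothing, for block form).
PERMISSIONS_RE = re.compile(r"^\s*permissions:\s*(\S*)\s*$")


def find_write_all(workflow: str) -> List[Tuple[int, str]]:
    """Return (line_number, scope) for every `permissions: write-all`.

    scope is "workflow" for the top-level key, otherwise the id of the job
    whose definition contains the key.
    """
    findings: List[Tuple[int, str]] = []
    in_jobs = False
    job_indent: Optional[int] = None  # indentation of job ids under `jobs:`
    current_job: Optional[str] = None

    for lineno, raw in enumerate(workflow.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        stripped = line.strip()
        if not stripped:
            continue
        indent = len(line) - len(stripped)

        if indent == 0:
            # A new top-level key: only `jobs:` opens the jobs block.
            in_jobs = stripped == "jobs:"
            job_indent = None
            current_job = None
            if in_jobs:
                continue

        if in_jobs:
            if job_indent is None:
                job_indent = indent  # the first job id fixes the level
            if indent == job_indent and stripped.endswith(":"):
                current_job = stripped[:-1]
                continue

        match = PERMISSIONS_RE.match(line)
        if match and match.group(1) == "write-all":
            findings.append((lineno, current_job or "workflow"))
    return findings


# Constructed sample: the weak configuration the rule flags.
WEAK_WORKFLOW = """\
name: ci
on: [push]
permissions: write-all        # token may write to every scope
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  release:
    permissions: write-all    # job-level override, same problem
    runs-on: ubuntu-latest
    steps:
      - run: ./publish.sh
"""

# Constructed sample: the remediated configuration.
HARDENED_WORKFLOW = """\
name: ci
on: [push]
permissions: read-all         # read-only default for every job
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  release:
    permissions:
      contents: write         # only the one scope this job needs
    runs-on: ubuntu-latest
    steps:
      - run: ./publish.sh
"""


if __name__ == "__main__":
    for name, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, find_write_all(text))
```

Running the file prints the findings for both workflows: the weak one is reported at line 3 (workflow level) and line 10 (job 'release'), the hardened one produces no findings. A top-level 'permissions: {}' grants no permissions at all, and the check treats it like any other non-'write-all' value.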