neilnaveen
f4569f0b48
Set permissions for GitHub actions ( #5090 )
...
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-12 18:59:11 +00:00
renovate[bot]
3f3a489f33
chore(deps): update actions/checkout action to v3 ( #4931 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Jonathan Yu <jonathan@coder.com>
2022-03-01 16:31:32 -07:00
Jonathan Yu
83269ba658
chore: limit concurrency for build jobs ( #4929 )
...
* Configure build jobs to cancel previous builds when new changes
are pushed to a pull request branch, and serialize builds when
running in a branch from a push event
* Reduce privileges of GitHub token for scripts workflow
2022-03-01 15:03:39 -08:00
Joe Previte
2bf0907de8
feat: add codeql-config file
2021-04-27 15:38:09 -07:00
Joe Previte
3577985015
feat: add codeql-analysis.yml
2021-04-27 15:38:09 -07:00
