Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[StepSecurity] ci: Harden GitHub Actions #305

Merged

Conversation

step-security-bot
Copy link
Contributor

Summary

This is an automated pull request generated by Secure Workflows at the request of @lucacome. Please merge the Pull Request to incorporate the requested changes. Please tag @lucacome on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The least privilged token permissions were calculate using Secure WorkFlows based on the actions included in the GitHub Workflow files. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-workflows or contact us via our website.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@lucacome lucacome self-requested a review October 7, 2022 21:05
@lucacome lucacome self-assigned this Oct 7, 2022
@lucacome lucacome requested review from a team, haywoodsh and jjngx October 7, 2022 21:05
@jjngx jjngx requested a review from a team October 10, 2022 09:13
@lucacome lucacome merged commit b1c74d4 into nginxinc:main Oct 10, 2022
@lucacome lucacome added the chore Pull requests for routine tasks label Nov 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Pull requests for routine tasks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants