Skip to content

Latest commit

 

History

History
43 lines (31 loc) · 917 Bytes

010.md

File metadata and controls

43 lines (31 loc) · 917 Bytes

github_app_should_limit_permissions

GitHub Actions issuing GitHub Access tokens from GitHub Apps should limit permissions.

This policy supports the following actions.

  1. https://github.com/tibdex/github-app-token

Examples

tibdex/github-app-token

https://github.com/tibdex/github-app-token

- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
  with:
    app_id: ${{secrets.APP_ID}}
    private_key: ${{secrets.PRIVATE_KEY}}
    repositories: >-
      ["${{github.event.repository.name}}"]

- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
  with:
    app_id: ${{secrets.APP_ID}}
    private_key: ${{secrets.PRIVATE_KEY}}
    repositories: >-
      ["${{github.event.repository.name}}"]
    permissions: >-
      {
        "contents": "read"
      }

Why?

The scope of access tokens should be limited.