Restrict token permissions for Auto Assign PR #61

irongut · 2022-08-05T22:53:40Z

Feature Request

The Auto Assign PR workflow doesn't have GitHub token permissions specified because it uses an Action not in the StepSecurity database.

All workflows should restrict the GitHub token permissions.

#49 Implement StepSecurity Secure Workflows (audit)
#51 Implement StepSecurity Secure Workflows (policy)

github-actions · 2022-11-04T02:12:54Z

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days.

github-actions · 2022-12-05T01:58:55Z

This issue was closed because it has been stale for 30 days with no activity.

irongut added enhancement New feature or request DevOps Security Security vulnerabilities or improvements labels Aug 5, 2022

irongut self-assigned this Aug 5, 2022

irongut pinned this issue Aug 5, 2022

github-actions bot added the stale label Nov 4, 2022

github-actions bot closed this as completed Dec 5, 2022