What do you want to share with us?
Scorecard reports the below findings. If the report is accurate, the token permissions need to be reduced to the minimum.
Reason
detected GitHub workflow tokens with excessive permissions
Details
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cd.yml:69
Warn: topLevel 'contents' permission set to 'write': .github/workflows/cd.yml:10
Warn: no topLevel permission defined: .github/workflows/ci.yml:1
Warn: no topLevel permission defined: .github/workflows/functional-tests.yml:1
Warn: no topLevel permission defined: .github/workflows/review-approved.yml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Warn: no topLevel permission defined: .github/workflows/update-pre-commit-hooks.yml:1
Warn: no topLevel permission defined: .github/workflows/update-python-deps.yml:1
References
"Token Permissions" check in Scorecard report: https://scorecard.dev/viewer/?uri=github.com/repository-service-tuf/repository-service-tuf-cli
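A simplified local version of the check behind these findings, added here as an example (it is not Scorecard's code or the project's). The workflow snippets and the `audit` function are constructed for illustration, and the line-based parsing assumes block-style YAML indented with spaces.

```python
# Constructed workflow snippets (assumptions, not the project's real files).
NO_TOP = "on: push\njobs:\n  test:\n    runs-on: ubuntu-latest\n"
BROAD = ("on: push\npermissions:\n  contents: write\njobs:\n  release:\n"
         "    permissions:\n      contents: write\n    runs-on: ubuntu-latest\n")
MINIMAL = ("on: push\npermissions:\n  contents: read\njobs:\n  test:\n"
           "    runs-on: ubuntu-latest\n")


def audit(name, text):
    """Return findings for one workflow's text, worded like the report above."""
    findings, top_seen, level, perm_indent = [], False, None, 0
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = stripped.partition(":")
        value = value.strip()
        if key == "permissions":
            # Column 0 is the workflow-wide default; deeper is a per-job override.
            level, perm_indent = ("topLevel" if indent == 0 else "jobLevel"), indent
            top_seen = top_seen or indent == 0
            if value == "write-all":
                findings.append(
                    f"Warn: {level} permissions set to 'write-all': {name}:{n}")
        elif level and indent > perm_indent:
            # Still inside a permissions block: flag any scope granted write.
            if value == "write":
                findings.append(
                    f"Warn: {level} '{key}' permission set to 'write': {name}:{n}")
        else:
            level = None  # left the permissions block
    if not top_seen:
        # Without a top-level block the token gets the repo/org default scope.
        findings.insert(0, f"Warn: no topLevel permission defined: {name}:1")
    return findings


if __name__ == "__main__":
    for name, text in [("no_top.yml", NO_TOP), ("broad.yml", BROAD),
                       ("minimal.yml", MINIMAL)]:
        print(name, audit(name, text) or "ok")
```

The `MINIMAL` snippet shows the shape that clears the "no topLevel permission defined" warning: a top-level `permissions` block granting only `contents: read`.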