Security Policy violation Security Scorecards
talend-allstar-instance opened this issue · 1 comment
This issue was automatically created by Allstar.
Security Policy Violation
Project is out of compliance with Security Scorecards policy
Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
**First 10 Results from policy: Token-Permissions : non read-only tokens detected in GitHub workflows**
- .github/workflows/java11.yml[1]:no topLevel permission defined
- .github/workflows/java11.yml[1]:not a publishing workflow: .github/workflows/java11.yml
- .github/workflows/java11.yml[1]:not a releasing workflow: .github/workflows/java11.yml
- .github/workflows/java11.yml[1]:not a GitHub Pages deployment workflow: .github/workflows/java11.yml
- .github/workflows/java11.yml[1]:not a codeql workflow
- .github/workflows/java11.yml[1]:not a codeql upload SARIF workflow
- .github/workflows/java11.yml[9]:no jobLevel permission defined
- .github/workflows/java17.yml[1]:no topLevel permission defined
- .github/workflows/java17.yml[1]:not a publishing workflow: .github/workflows/java17.yml
- .github/workflows/java17.yml[1]:not a releasing workflow: .github/workflows/java17.yml
- Run a Scorecards scan to see full list.
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
Policy is now in compliance. Closing issue.