[BUG] Github Actions: set top-level permissions

Question

[BUG] Github Actions: set top-level permissions

psilva-veeam opened this issue 8 months ago · 1 comments

Describe the bug

Set top-level permissions for Github Actions to contents: read. If needed, individual jobs can still get higher permissions.

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

To Reproduce

Dependabot status

Expected behavior

Top-level permissions for Github Actions set to contents: read resulting in no issues from Dependabot

Screenshots

Environment

Github Actions

Additional context

kastenhq/kubestr#242

Answer 1 · 2024-05-06T14:31:47.000Z

Thanks for opening this issue 👍. The team will review it shortly.

If this is a bug report, make sure to include clear instructions how on to reproduce the problem with minimal reproducible examples, where possible. If this is a security report, please review our security policy as outlined in SECURITY.md.

If you haven't already, please take a moment to review our project's Code of Conduct document.