[KB] Add GitHub token permissions for dorny/test-reporter Action

Question

[KB] Add GitHub token permissions for dorny/test-reporter Action

step-security-bot opened this issue 2 years ago · 1 comments

Knowledge Base is missing for dorny/test-reporter.

Answer 1 · 2023-01-18T09:26:20.000Z

Analysis

Action Name: dorny/test-reporter
Action Type: Node
GITHUB_TOKEN Matches: token,Token
Top language: TypeScript
Stars: 426
Private: false
Forks: 96

Endpoints Found

Endpoint	Permission
checks.create	write
checks.update	write
actions.listWorkflowRunArtifacts	read
actions.downloadArtifact	read
git.getCommit	read
git.getTree	read

FollowUp Links.

https://github.com/dorny/test-reporter/blob/e9fa2f582c0ebbe2e263fd18fad744d52e0b0203/src/main.ts
https://github.com/dorny/test-reporter/blob/0d9714ddc7ff86918ec725a527a3a069419d301a/src/input-providers/artifact-provider.ts
https://github.com/dorny/test-reporter/blob/0d9714ddc7ff86918ec725a527a3a069419d301a/src/utils/github-utils.ts

action-security.yml

name: Test Reporter
github-token:
  action-input:
    input: token
    is-default: true
  permissions:
    checks: write
    actions: read
    contents: read