step-security/secure-repo

Increment actions permissions to knowledge-base

gabibguti opened this issue · 2 comments

I found some actions that are not included in the knowledge-base:

| action | worked with permissions |
| --- | --- |
| uraimo/run-on-arch-action | contents: read |
| lukka/run-cmake | contents: read |

Does it make sense to add them to the knowledge base?

Hi @gabibguti, thanks for creating the issue!

When one tries to set permissions and the KB is missing, we create an automated PR to track it.

I do see PRs for these two Actions. We are running late on analyzing and creating KBs for Actions.
lukka/run-cmake is easy. It does not use the token. I will merge this soon.

uraimo/run-on-arch-action seems to be using packages: write to cache images
https://github.com/uraimo/run-on-arch-action/blob/d9e985ee32020b12e9cafe5b7d52cf0122bb7609/src/run-on-arch.sh#L77
So this might need packages: write. What do you think?

In the future, feel free to create PRs for KBs or comment on existing PRs with analysis if you need some KBs to be merged soon. Thanks!

These two actions have been added to the KB.