Skip to content

Fixes Token-Permissions Issue Identified By Scorecard #193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 18, 2024
Merged

Fixes Token-Permissions Issue Identified By Scorecard #193

merged 2 commits into from
Jun 18, 2024

Conversation

ware
Copy link

@ware ware commented Jun 13, 2024

Proposed changes

This change simply adds the top level GitHub token permission of read for the github-ci workflow to ensure the project is following best security practices.

Types of changes

What types of changes does your code introduce to the HE Toolkit project?
Put an x in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update (if none of the other choices apply)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating
the PR. If you are unsure about any of them, do not hesitate to ask. We are
here to help! This is simply a reminder of what we are going to look for before
merging your code.

  • I have read the CONTRIBUTING section
  • Current formatting and unit tests / base functionality passes locally with my changes
  • I have added tests that prove my fix is effective or that my feature works (if appropriate)
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in downstream modules

Further comments

This is a very simple change to comply with Intel's expectations around Intel managed open source projects. Any workflows below the top level that need write access will of course need to have the permission for that specific workflow change.

step-security-bot and others added 2 commits June 13, 2024 19:54
@step-security-bot
[StepSecurity] ci: Harden GitHub Actions
a9cbc2d 
Signed-off-by: StepSecurity Bot <[email protected]>
Merge pull request #1 from step-security-bot/stepsecurity_remediation…
5354560 
…_1718308481

[StepSecurity] ci: Harden GitHub Actions
@ware ware changed the title Fixes Permissions-Token Issue Identified By Scorecard Fixes Token-Permissions Issue Identified By Scorecard Jun 13, 2024
@faberga faberga merged commit f1d125c into intel:main Jun 18, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@faberga faberga faberga approved these changes

@kylanerace kylanerace Awaiting requested review from kylanerace kylanerace is a code owner

@jobottle jobottle Awaiting requested review from jobottle

@hamishun hamishun Awaiting requested review from hamishun

@jlhcrawford jlhcrawford Awaiting requested review from jlhcrawford

@skmono skmono Awaiting requested review from skmono

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ware @faberga @step-security-bot