Fix code scanning alert - Token-Permissions: .github/workflows/pr-title.yml #631

ianlewis · 2023-06-02T04:38:21Z

.github/workflows/pr-title.yml:1:
score is 0: no topLevel permission defined
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help

Tracking issue for:

https://github.com/slsa-framework/slsa-verifier/security/code-scanning/9

ianlewis changed the title ~~Fix code scanning alert - Token-Permissions~~ Fix code scanning alert - Token-Permissions: .github/workflows/pr-title.yml Jun 2, 2023

ianlewis added area:hardening Issue related to security hardening type:bug Something isn't working labels Jun 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix code scanning alert - Token-Permissions: .github/workflows/pr-title.yml #631

Fix code scanning alert - Token-Permissions: .github/workflows/pr-title.yml #631

ianlewis commented Jun 2, 2023 •

edited

Fix code scanning alert - Token-Permissions: .github/workflows/pr-title.yml #631

Fix code scanning alert - Token-Permissions: .github/workflows/pr-title.yml #631

Comments

ianlewis commented Jun 2, 2023 • edited

ianlewis commented Jun 2, 2023 •

edited