This repository has been archived by the owner on Dec 23, 2023. It is now read-only.

Set up GitHub Workflow permissions #2108

Open
joycebrum opened this issue Feb 15, 2023 · 0 comments

NB: Before opening a feature request against this repo, consider whether the feature should be available across all languages in the OpenCensus libraries. If so, please open an issue on opencensus-specs first.

No need for it to be available across all languages.

Is your feature request related to a problem? If so, please describe it.

Hi, I'm opening this issue on behalf of Google and the OpenSSF.

There is a known risky behavior of GitHub Workflows: all permissions are set to write if none are specified. Thus, it is a recommendation from both OpenSSF Scorecard and GitHub to always use credentials that are minimally scoped.

Describe the solution you'd like.

I would like to suggest a PR defining the top-level permission as read-only and the run-level permissions as needed for all the project's workflows.

Let me know if the PR is welcome.

Describe alternatives you've considered.

None.

Additional context.

None
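
A workflow laid out the way the issue proposes, as an added example that is not from this repository or from the issue author: read-only at the top level, with write access granted only to the job that needs it. The workflow name, job names, build commands and artifact path are assumptions.

```yaml
# Hypothetical workflow (not from this repository); names and commands are illustrative.
name: build-and-release

on:
  push:
    tags: ["v*"]
  pull_request:

# Top level: every job gets a read-only GITHUB_TOKEN unless it overrides this.
# With no `permissions` key at all, the token falls back to the repository or
# organization default, which may be read/write for every scope.
permissions:
  contents: read

jobs:
  test:
    # No job-level block: inherits the read-only top-level setting.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./gradlew check        # assumed build command

  release:
    if: startsWith(github.ref, 'refs/tags/v')
    needs: test
    runs-on: ubuntu-latest
    # Job level: this block replaces the top-level one for this job only,
    # and any scope not listed here is set to none.
    permissions:
      contents: write               # needed to create the release and upload assets
    steps:
      - uses: actions/checkout@v4
      - run: ./gradlew assemble     # assumed build command
      - run: gh release create "$GITHUB_REF_NAME" build/libs/*.jar   # assumed artifact path
        env:
          GH_TOKEN: ${{ github.token }}
```

Pull-request runs only ever execute the `test` job, so code from a pull request never runs with a token that can write to the repository.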
