[bisq-network/bisq] fix: permissions for build.yml (PR #6083)
Shubham malik
notifications at github.com
Wed Mar 2 16:11:34 CET 2022
GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.
StepSecurity is working on securing GitHub workflows and [OSSF Scorecards](https://github.com/ossf/scorecard) recommends using StepSecurity's secure-workflows online tool [app.stepsecurity.io](https://github.com/cosmos/cosmos-sdk/pull/app.stepsecurity.io) to improve the security of GitHub workflows.
We have fixed one of the repo's workflows for you by adding permissions for the involved jobs. You can secure the rest of the workflows for improved security by using the StepSecurity online tool at [app.stepsecurity.io](https://app.stepsecurity.io/).
You can view, comment on, or merge this pull request online at:
https://github.com/bisq-network/bisq/pull/6083
-- Commit Summary --
* Update build.yml
-- File Changes --
M .github/workflows/build.yml (3)
-- Patch Links --
https://github.com/bisq-network/bisq/pull/6083.patch
https://github.com/bisq-network/bisq/pull/6083.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/6083
You are receiving this because you are subscribed to this thread.
Message ID: <bisq-network/bisq/pull/6083 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20220302/4b62af64/attachment.htm>
More information about the bisq-github
mailing list