Prevent Workflows from Creating or Approving PRs
tip
This check is currently under development and not yet implemented. Click here to learn how you can help.
Description
Ensure workflows are not allowed to create or approve pull requests
Details
- Default Category: github workflow permissions
- Default Priority Group: P9
- C-SCRM: true
- Mitre: CWE-250
- Mitre: CAPEC-69
- Sources: OpenSSF Scorecard
- Sources: OpenSSF SCM Best Practices
- How To: Github Docs