Limit Workflow Write Permissions to Job-Level
Tip: This check is currently under development and not yet implemented.
Description
Ensure workflows are granted write permissions only at the job level
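The pattern this check targets, shown as an added example that is not taken from the project or its cited sources: a workflow whose top-level `permissions` block gives every job a write-capable `GITHUB_TOKEN`, beside a version that defaults to read-only and grants write only in the job that needs it. The workflow name, job names and the `make test` step are hypothetical.

```yaml
# BEFORE (constructed): write scope declared at workflow level,
# so the GITHUB_TOKEN of every job can modify repository contents.
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test            # hypothetical step; inherits contents: write
  publish:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
---
# AFTER (constructed): read-only default at workflow level,
# write scope granted only to the job that creates the release.
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test            # token is read-only in this job
  publish:
    needs: test
    runs-on: ubuntu-latest
    permissions:
      contents: write             # job-level: applies to this job only
    steps:
      - uses: actions/checkout@v4
      - run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
```

When a job declares its own `permissions` block, any scope not listed there is set to `none` for that job, so list every scope the job actually uses.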
Details
- Default Category: github workflows
- Default Priority Group: P11
- C-SCRM: true
- Mitre: CWE-250
- Mitre: CAPEC-69
- Sources: OpenSSF Scorecard
- Sources: OpenSSF SCM Best Practices
- How To: GitHub Docs