@step-security-bot step-security-bot commented Nov 22, 2022

Summary

This is an automated pull request generated by Secure Workflows at the request of @lucacome. Please merge the Pull Request to incorporate the requested changes. Please tag @lucacome on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The least privileged token permissions were calculated using Secure WorkFlows based on the actions included in the GitHub Workflow files. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

Pinned Dependencies

A pinned dependency is a dependency that is explicitly set to a specific hashed version instead of a mutable version. Pinned dependencies ensure that development and deployment are done with the same software versions, which reduces deployment risks and enables reproducibility. It can help mitigate compromised dependencies from undermining the security of the project in certain scenarios. The dependencies were pinned using Secure WorkFlows.

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-workflows. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot [email protected]
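A reviewer can check both properties described in the PR summary (actions pinned to an immutable ref, and an explicit top-level `permissions:` block) with a short script. This is an added example, not code from this PR or from Secure Workflows; the sample workflow, its placeholder SHA and the local action path are constructed, and the regex-based line scan is a simplification rather than a full YAML parse.

```python
import re

# Constructed sample workflow (not from this PR); the 40-hex SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v3.1.0
      - uses: actions/setup-go@v3
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.17
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def unpinned_actions(workflow_text):
    """Return (line_number, reference) for each `uses:` not pinned to an immutable ref."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):  # local action, versioned with the repository itself
            continue
        if ref.startswith("docker://"):
            pinned = bool(DIGEST_RE.search(ref))  # image must carry a sha256 digest
        else:
            _, _, version = ref.rpartition("@")
            pinned = bool(FULL_SHA_RE.match(version))  # tags and branches are mutable
        if not pinned:
            findings.append((lineno, ref))
    return findings

def has_top_level_permissions(workflow_text):
    """True if the workflow declares `permissions:` at column 0 (workflow-wide default)."""
    return any(re.match(r"permissions:", l) for l in workflow_text.splitlines())
```
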

codecov-commenter commented Nov 23, 2022

Codecov Report

Merging #3292 (eb0b5bd) into main (9d94d45) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #3292   +/-   ##
=======================================
  Coverage   52.66%   52.66%           
=======================================
  Files          59       59           
  Lines       16117    16117           
=======================================
  Hits         8488     8488           
  Misses       7345     7345           
  Partials      284      284           


@lucacome lucacome merged commit 26342f8 into nginx:main Nov 23, 2022
@lucacome lucacome added the chore Pull requests for routine tasks label Jan 11, 2023