Skip to content

Potential fix for code scanning alert no. 1: Workflow does not contain permissions #1623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

mwvolo
Copy link
Member

@mwvolo mwvolo commented May 6, 2025

Potential fix for https://github.com/openstax/openstax-cms/security/code-scanning/1

To fix the issue, we will add a permissions block at the root level of the workflow. This block will specify the least privileges required for the workflow to function correctly. Based on the workflow's steps, the following permissions are needed:

  • contents: read for accessing the repository's code.
  • statuses: write for reporting the status of the workflow.
  • id-token: write for authentication with third-party services if required.

The permissions block will be added at the top of the workflow, just below the name field.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@mwvolo mwvolo requested a review from Copilot May 6, 2025 23:54
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses a code scanning alert by adding a permissions block to the workflow for improved security.

  • Added a permissions block with "contents: read" and "statuses: write" under the workflow name.
  • The changes aim to restrict workflow permissions to the minimum required.

Co-authored-by: Copilot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant