(updated with 'actions/checkout' tip) |
(more recommendations for least privilege) |
Line 16: | Line 16: | ||
# As always, enforce “least privilege” wherever possible. | # As always, enforce “least privilege” wherever possible. | ||
#* Explicitly set "<code>persist-credentials: false</code>" when using the "<code>actions/checkout</code>" action. (Prevent hidden state.) | #* Explicitly set "<code>persist-credentials: false</code>" when using the "<code>actions/checkout</code>" action. (Prevent hidden state.) | ||
#* Explicitly unset <tt>GITHUB_TOKEN</tt> when not needed at the workflow or job level with "<code>permissions: {}</code>". | |||
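Review bot: In the new GITHUB_TOKEN bullet, "unset" overstates what "<code>permissions: {}</code>" does. The token is still issued to the job; the setting only reduces every permission scope to none. Suggest wording such as: "Explicitly drop all <tt>GITHUB_TOKEN</tt> permissions with "<code>permissions: {}</code>" at the workflow level, then grant only the scopes each job needs at the job level." This also makes clear that a job-level block overrides the workflow-level one, which "at the workflow or job level" leaves ambiguous. The bullet also lacks the short parenthetical rationale that the <code>actions/checkout</code> bullet carries ("Prevent hidden state."); adding one would keep the list consistent.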