README.md
17 additions & 0 deletions
@@ -74,6 +74,23 @@ The following variables are set in the `.env` file created by the pipeline:
74
74
- If you encounter issues with database migrations, verify your database settings in `settings.py`.
75
75
- Review the logs in the GitHub Actions tab for detailed error messages.
76
76
77
+
# Security Improvements in GitHub Actions Workflows
78
+
79
+
## Overview
80
+
We have updated the GitHub Actions workflows to ensure minimal permissions are used, addressing the issue `CKV2_GHA_1: Ensure top-level permissions are not set to write-all`.
81
+
82
+
### Changes Made
83
+
- Replaced `write-all` permissions with specific permissions such as:
84
+
-`contents: read`
85
+
-`pull-requests: write`
86
+
-`packages: write`
87
+
- Added detailed comments to explain the purpose of each permission.
88
+
89
+
### Debugging Tips
90
+
- Ensure that all required permissions are explicitly defined in the workflow files.
91
+
- Review the logs in the GitHub Actions tab for detailed error messages.
92
+
- Use tools like Checkov or CodeQL to scan your workflows for security issues and generate SARIF reports for further analysis.
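Review bot: The three permission sub-bullets at lines 84-86 (`-\`contents: read\``, `-\`pull-requests: write\``, `-\`packages: write\``) have no space after the dash and no indentation, so Markdown will render them as literal text rather than a nested list under "Replaced `write-all` permissions"; write them as `  - \`contents: read\`` (two leading spaces, dash, space) and likewise for the other two. The section should also say at which level each permission is now declared: the finding being fixed is `CKV2_GHA_1: Ensure top-level permissions are not set to write-all`, so state that the top-level `permissions` block now carries only `contents: read` and that `pull-requests: write` and `packages: write` are granted per job (or name the workflows that carry them); as written, a reader cannot tell whether any write scope is still set at the top level. Finally, the "Review the logs in the GitHub Actions tab for detailed error messages." bullet at line 91 duplicates the existing bullet at line 75 just above and can be dropped.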