From 494ea2d29d4639345a238dc8a98c06abd89f4f4c Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Fri, 11 Feb 2022 16:52:39 +0530 Subject: [PATCH 1/6] added github_token permissions --- code-scanning/powershell.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml index dfbf452..22e5ea7 100644 --- a/code-scanning/powershell.yml +++ b/code-scanning/powershell.yml @@ -17,8 +17,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: build: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results name: PSScriptAnalyzer runs-on: ubuntu-latest steps: From dc2daec13461e79d070e114e1c6acdedc695ca50 Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Mon, 14 Feb 2022 11:27:43 +0530 Subject: [PATCH 2/6] added token permissions --- ci/msbuild.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/msbuild.yml b/ci/msbuild.yml index 29b6ace..2cf2a88 100644 --- a/ci/msbuild.yml +++ b/ci/msbuild.yml @@ -11,6 +11,9 @@ env: # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix BUILD_CONFIGURATION: Release +permissions: + contents: read + jobs: build: runs-on: windows-latest From d50a73e3b85ca935b2a475373e3645a277b0757b Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Mon, 14 Feb 2022 12:47:03 +0530 Subject: [PATCH 3/6] Update python-publish.yml --- ci/python-publish.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 3bfabfc..489d5e6 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -12,6 +12,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: deploy: From fa522381039cec2072a9f83de5f7fd077faf57d4 Mon Sep 17 00:00:00 2001 From: arjundashrath <54043589+arjundashrath@users.noreply.github.com> Date: Mon, 14 Feb 2022 12:57:42 +0530 Subject: [PATCH 4/6] Update gradle.yml --- ci/gradle.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/gradle.yml b/ci/gradle.yml index fc8cf2f..11b4ea6 100644 --- a/ci/gradle.yml +++ b/ci/gradle.yml @@ -13,6 +13,9 @@ on: pull_request: branches: [ $default-branch ] +permissions: + contents: read + jobs: build: From 3a1a8562bf027aa2426256a7c187344e6a48f3ab Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Sat, 19 Mar 2022 15:49:21 +0530 Subject: [PATCH 5/6] Update snyk-container.yml --- code-scanning/snyk-container.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/snyk-container.yml b/code-scanning/snyk-container.yml index 8ff2c9a..2373377 100644 --- a/code-scanning/snyk-container.yml +++ b/code-scanning/snyk-container.yml @@ -22,8 +22,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: snyk: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 From 18952126dca8c9b124ee6e15eed336f4a2f5e656 Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Sat, 19 Mar 2022 15:54:27 +0530 Subject: [PATCH 6/6] Update ossar.yml --- code-scanning/ossar.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/ossar.yml b/code-scanning/ossar.yml index b5aefa4..f09b611 100644 --- a/code-scanning/ossar.yml +++ b/code-scanning/ossar.yml @@ -17,10 +17,16 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: OSSAR-Scan: # OSSAR runs on windows-latest. # ubuntu-latest and macos-latest support coming soon + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: windows-latest steps: