[SPARK-38426] Fix the permissions for GitHub workflows - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.2.1
Fix Version/s: None
Component/s: Build
Labels:
None

Description

The workflow files don't have permission restricted. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
In some of the workflows, the actions aren't pinned by SHA. https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies

Attachments

Issue Links

links to

[Github] Pull Request #35742 (naveensrinivasan)

Activity

People

Assignee:: Unassigned

Reporter:: Naveen S

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Mar/22 16:02

Updated:: 06/Mar/22 16:40