Skip to content

task: Address Token-Permissions Scorecard regressions #334

Description

@xmudrii

Overview

Several repos regressed their Token-Permissions Scorecard score by using top-level write permissions in GitHub Actions workflows. This was found while doing research for #329.

This was originally fixed in #269, but new additions made us regress. The list of affected repos:

  • helm-charts
  • backlog
  • custom-images
  • kube-bind-provider
  • example-httpbin-operator
  • platform-mesh-operator
  • upstream-images
  • samples-opendesk-ocm-landscaper

This ticket should try to address two things:

  • These regressions by properly defining permissions
  • Implementing a mechanism to prevent future regressions

Implementation Details

  • Ensure permissions are properly defined for workflows in the listed repos
  • Implement a mechanism (in all repos) to prevent future regressions

Completion Checklist

  • Code implemented and tested
  • Documentation updated
  • Changes reviewed

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Demo'd

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions