Suggestion of Security Improvement: specify permissions for GitHub Workflows #45150
Unanswered
diogoteles08 asked this question in Ideas
Replies: 0 comments
Hi!
I'm Diogo and have introduced myself on the Welcome discussion, here =)
I'm creating this discussion to suggest reviewing the permissions in the GitHub Workflows of Laravel. I could see that some external workflows are being called without defining their specific permissions (e.g., here or here), and in this case the default permissions are used. It's important to set the workflow permissions according to the least privilege principle, because if any external job is compromised, Laravel could be corrupted as well.
If agreed, I'd be happy to create a PR to update the workflow files to limit and specify the permissions, making the whole repo more secure.
Thanks for the attention!
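The least-privilege `permissions` block the post asks for, as an added example that is not part of the original discussion or of Laravel's own workflow files; the action names, PHP version and the PR-comment job are assumptions chosen for illustration:

```yaml
# Constructed example (not Laravel's own workflow files): one CI workflow
# written twice: first relying on the default GITHUB_TOKEN permissions,
# then with an explicit least-privilege `permissions` block.

# Before: no `permissions` key, so every action below runs with the
# repository's default token scope; if that default is "Read and write",
# a compromised third-party action could push commits or open releases.
name: tests-before
on: [push, pull_request]
jobs:
  phpunit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2   # third-party action
        with:
          php-version: '8.3'
      - run: composer install --no-interaction --prefer-dist
      - run: vendor/bin/phpunit
---
# After: the workflow default is read-only; only the job that must write
# (commenting on the PR) widens its own token, and only the scope it needs.
name: tests-after
on: [push, pull_request]
permissions:
  contents: read          # inherited by every job that does not override it
jobs:
  phpunit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
      - run: composer install --no-interaction --prefer-dist
      - run: vendor/bin/phpunit
  comment:
    needs: phpunit
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:            # job-level block replaces the workflow-level one
      contents: read
      pull-requests: write
    steps:
      - run: gh pr comment "$PR" --body "Tests passed"
        env:
          GH_TOKEN: ${{ github.token }}
          GH_REPO: ${{ github.repository }}
          PR: ${{ github.event.pull_request.number }}
```

The repository-wide default that the "before" form inherits is set under Settings, Actions, General, "Workflow permissions"; even when that default is already read-only, declaring `permissions` in the file keeps the scope explicit and reviewable in the PR rather than dependent on a setting outside the repo's history.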