You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GitHub recommends users limit the permissions of any third-party actions: 1
Use credentials that are minimally scoped
Make sure the credentials being used within workflows have the least privileges required, and be mindful that any user with write access to your repository has read access to all secrets configured in your repository.
Actions can use the GITHUB_TOKEN by accessing it from the github.token context. For more information, see "Contexts." You should therefore make sure that the GITHUB_TOKEN is granted the minimum required permissions. It's good security practice to set the default permission for the GITHUB_TOKEN to read access only for repository contents. The permissions can then be increased, as required, for individual jobs within the workflow file. For more information, see "Automatic token authentication."
Can you please list the required permissions 2 for the devcontainers/ci in a new section of the README.md and in the relevant code examples?
GitHub recommends users limit the permissions of any third-party actions: 1
Can you please list the required permissions 2 for the
devcontainers/ciin a new section of theREADME.mdand in the relevant code examples?Footnotes
GitHub Docs, security hardening, using secrets ↩
GitHub Docs, workflow syntax, permissions ↩
The text was updated successfully, but these errors were encountered: