GITHUB_TOKEN should have minimum permissions
PreviousPrevent execution of untrusted code from forks (Pwn Request Vulnerability)NextThird-party GitHub Actions with high scores should be used
Last updated
Last updated
This check passes if the job's GITHUB_TOKEN does not have all the read and write permissions
Reduces the impact of compromise of the GITHUB_TOKEN.
Set minimum GitHub token permissions at the job or workflow level. You can fix this issue by an automated pull request.
1. Navigate to your dashboard.
2. Click "Overview"
3. Click "GITHUB_TOKEN should have minimum permissions."
4. Navigate to workflows which have a Failed compliance status.
5. Click "Link to build log" to view the evidence on the workflow/job.
6. You can view individual jobs.
7. You can also view more security insights and recommended policy by clicking thr link in the Harden Runner step
8. Several security insights are displayed which includes the Network Events, Recommendations, etc.
9. Navigate back to the security control.
10. To fix the issue, click the "OPEN A FIX PR" button.
