ci: harden GitHub actions #22321

step-security-bot · 2023-07-25T14:35:19Z

Summary

This pull request is created by Secure Repo at the request of @danielroe. Please merge the Pull Request to incorporate the requested changes. Please tag @danielroe on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN.

Pinned Dependencies

GitHub Action tags and Docker tags are mutatble. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-repo. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

bolt-new-by-stackblitz · 2023-07-25T14:35:22Z

Run & review this pull request in StackBlitz Codeflow.

[StepSecurity] ci: Harden GitHub Actions

cc634d6

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

danielroe approved these changes Jul 25, 2023

View reviewed changes

danielroe merged commit 2748e54 into nuxt:main Jul 25, 2023

github-actions bot mentioned this pull request Jul 25, 2023

v3.7.0 #22222

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

ci: harden GitHub actions #22321

ci: harden GitHub actions #22321

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

ci: harden GitHub actions #22321

ci: harden GitHub actions #22321

Uh oh!

Conversation

Summary

Security Fixes

Least Privileged GitHub Actions Token Permissions

Pinned Dependencies

Feedback

Uh oh!

Uh oh!

Uh oh!