{"id": 1226106354, "node_id": "PR_kwDOBm6k_c43U1z7", "number": 1740, "title": "chore: Set permissions for GitHub actions", "user": {"value": 172697, "label": "naveensrinivasan"}, "state": "closed", "locked": 0, "assignee": null, "milestone": null, "comments": 1, "created_at": "2022-05-05T01:03:08Z", "updated_at": "2022-05-31T19:28:41Z", "closed_at": "2022-05-31T19:28:40Z", "author_association": "CONTRIBUTOR", "pull_request": "simonw/datasette/pulls/1740", "body": " Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won\u2019t be able to do much.\n\n- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions\n\nhttps://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions\n\nhttps://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs\n\n[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)\n\nSigned-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>\n", "repo": {"value": 107914493, "label": "datasette"}, "type": "pull", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/1740/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": 0, "state_reason": null}