{"id": 928210171, "node_id": "PR_kwDOBm6k_c43U1z7", "number": 1740, "state": "closed", "locked": 0, "title": "chore: Set permissions for GitHub actions", "user": {"value": 172697, "label": "naveensrinivasan"}, "body": "Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won\u2019t be able to do much.\n\n- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions\n\nhttps://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions\n\nhttps://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs\n\n[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)\n\nSigned-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>\n", "created_at": "2022-05-05T01:03:08Z", "updated_at": "2022-05-31T19:28:41Z", "closed_at": "2022-05-31T19:28:40Z", "merged_at": "2022-05-31T19:28:40Z", "merge_commit_sha": "2e9751672d4fe329b3c359d5b7b1992283185820", "assignee": null, "milestone": null, "draft": 0, "head": "f76fce5fd2bacadf2f46656e32093c6d639270c9", "base": "280ff372ab30df244f6c54f6f3002da57334b3d7", "author_association": "CONTRIBUTOR", "repo": {"value": 107914493, "label": "datasette"}, "url": "https://github.com/simonw/datasette/pull/1740", "merged_by": null, "auto_merge": null}