
SLF4J / SLF4J-553 [Open]
Add GitHub token permissions for GitHub Actions workflow
==============================

Here's what changed in this issue in the last few minutes.

This issue has been created
This issue is now assigned to you.

View or comment on issue using this link
https://jira.qos.ch/browse/SLF4J-553

==============================
Issue created
------------------------------

Varun Sharma created this issue on 19/Jul/22 5:19 PM

Summary: Add GitHub token permissions for GitHub Actions workflow
Issue Type: Improvement
Assignee: SLF4J developers list
Created: 19/Jul/22 5:19 PM
Environment: GitHub Action workflow at https://github.com/qos-ch/slf4j/blob/master/.github/workflows/main.yml
Priority: Major
Reporter: Varun Sharma
Description:
This work has been done as part of PR: [https://github.com/qos-ch/slf4j/pull/293]

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows
* [https://github.blog/changelog/2021-04-20-github-actions-control-permissions-...]
* [https://docs.github.com/en/actions/security-guides/automatic-token-authentic...]
* The Open Source Security Foundation (OpenSSF) [Scorecards|https://github.com/ossf/scorecard] treats not setting token permissions as a high-risk issue

==============================
This message was sent by Atlassian Jira (v8.8.0#808000-sha1:e2c7e59)
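
Added example, not part of the original issue or of the SLF4J project's code: a small check for the condition the issue describes, listing the jobs in a workflow file that declare no GITHUB_TOKEN permissions. The sample workflows, the function name jobs_without_token_permissions and the two-space-indentation assumption are constructed for illustration.

```python
import re

# Constructed sample workflows; not the contents of SLF4J's main.yml.
NO_PERMISSIONS = """\
name: CI
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
  report:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - run: echo done
"""
# Same workflow with a read-only default declared for every job.
WITH_PERMISSIONS = NO_PERMISSIONS.replace(
    "jobs:", "permissions:\n  contents: read\njobs:", 1)

KEY = re.compile(r"([A-Za-z0-9_-]+):")


def jobs_without_token_permissions(workflow_text):
    """List jobs whose GITHUB_TOKEN scope falls back to the repository default.

    Assumes block-style YAML indented by two spaces (job names at column 2,
    job keys at column 4); a production check should use a real YAML parser.
    """
    top_level, in_jobs, job, declared = False, False, None, {}
    for raw in workflow_text.splitlines():
        text = raw.strip()
        match = KEY.match(text)
        if not match or text.startswith("#"):
            continue  # blank lines, comments, list items, scalar values
        indent, key = len(raw) - len(raw.lstrip(" ")), match.group(1)
        if indent == 0:
            in_jobs = key == "jobs"
            top_level = top_level or key == "permissions"
        elif in_jobs and indent == 2:
            job = key                 # a new job definition starts here
            declared[job] = False
        elif in_jobs and indent == 4 and key == "permissions":
            declared[job] = True      # job-level permissions block
    if top_level:
        return []  # a workflow-level block applies to every job
    return [name for name, ok in declared.items() if not ok]
```

Run it over each file in .github/workflows; an empty list means every job has an explicit token scope, either its own or inherited from the workflow level.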