Conversation
![semgrep-managed-scans[bot]](https://avatars.githubusercontent.com/u/56493103?s=60&v=4){kind=small}
|
|
||
| jobs: | ||
| test: | ||
| strategy: |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
No explicit GITHUB_TOKEN permissions found at the workflow or job level. Add a permissions: block at the workflow root (applies to all jobs) or per job with least privilege (e.g., contents: read and only specific writes like pull-requests: write if needed).
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by missing-explicit-permissions.
You can view more details about this finding in the Semgrep AppSec Platform.
|
|
||
| jobs: | ||
| extensibility-test: | ||
| strategy: |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
No explicit GITHUB_TOKEN permissions found at the workflow or job level. Add a permissions: block at the workflow root (applies to all jobs) or per job with least privilege (e.g., contents: read and only specific writes like pull-requests: write if needed).
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by missing-explicit-permissions.
You can view more details about this finding in the Semgrep AppSec Platform.
1 participant
update dependencies