Skip to content

Potential fix for code scanning alert no. 207: Workflow does not contain permissions#244

Merged
projectedanx merged 1 commit into
masterfrom
alert-autofix-207
Jul 6, 2026
Merged

Potential fix for code scanning alert no. 207: Workflow does not contain permissions#244
projectedanx merged 1 commit into
masterfrom
alert-autofix-207

Conversation

@projectedanx

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/projectedanx/YOURLS/security/code-scanning/207

Add an explicit permissions: block at the job level for tesc-operation so the token is constrained to only what this job needs.

Best fix here (without changing functionality): in .github/workflows/TESC.yml, under jobs.tesc-operation and before runs-on, add:

  • contents: read (safe baseline)
  • actions: read (for action-related reads)
  • deployments: write (required for github.rest.repos.createDeployment)

This preserves behavior while explicitly limiting token scope.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Daniel Hart | ALifeInArtifyAI <238904666+projectedanx@users.noreply.github.com>
@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@projectedanx projectedanx marked this pull request as ready for review July 6, 2026 14:35
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Comment on lines +34 to +35
permissions:
contents: read
@projectedanx projectedanx merged commit d451112 into master Jul 6, 2026
20 of 22 checks passed
@projectedanx projectedanx deleted the alert-autofix-207 branch July 6, 2026 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants