[PR #178] [MERGED] [StepSecurity] ci: Harden GitHub Actions #181

Closed
opened 2026-02-26 18:33:39 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/decke/smtprelay/pull/178
Author: @step-security-bot
Created: 2/4/2025
Status: Merged
Merged: 2/4/2025
Merged by: @decke

Base: master ← Head: stepsecurity_remediation_1738661311


📝 Commits (1)

  • d1415c5 [StepSecurity] ci: Harden GitHub Actions

📊 Changes

1 file changed (+3 additions, -0 deletions)

📝 .github/workflows/codeql-analysis.yml (+3 -0)

📄 Description

Summary

This pull request is created by StepSecurity at the request of @decke. Please merge the Pull Request to incorporate the requested changes. Please tag @decke on your message if you have any questions related to the PR.

Security Fixes

Least Privileged GitHub Actions Token Permissions

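The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN.

  • GitHub Security Guide: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
  • The Open Source Security Foundation (OpenSSF) Security Guide: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions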

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
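
A sketch of what least-privileged GITHUB_TOKEN permissions look like in a CodeQL workflow, added here as an illustration; it is not the PR's actual 3-line change, which this page does not show. The workflow name, triggers, action versions and the `go` language setting are assumptions.

```yaml
# Added example, not the contents of the PR's diff.
# Name, triggers, action versions and language are assumptions.
name: CodeQL

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Workflow-level default. With no `permissions` key anywhere, the
# GITHUB_TOKEN gets the repository or organization default, which can be
# read/write. Once a `permissions` block is present, every scope that is
# not listed is set to `none`.
permissions:
  contents: read

jobs:
  analyze:
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow default for this job only,
    # so the single write scope stays confined to the job that needs it.
    permissions:
      actions: read
      contents: read
      security-events: write   # required to upload CodeQL results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: go
      - uses: github/codeql-action/analyze@v3
```

When reviewing such a change, check that any write scope appears at job level rather than in the workflow-level block, so jobs added later inherit the read-only default.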
