mirror of
https://github.com/zizmorcore/zizmor.git
synced 2025-12-23 08:47:33 +00:00
excessive-permissions: add missing known permissions (#1461)
Some checks failed
CI / Lint (push) Has been cancelled
CI / Test (push) Has been cancelled
CI / Test site build (push) Has been cancelled
zizmor wheel builds for PyPI 🐍 / Build Linux wheels (manylinux) (push) Has been cancelled
zizmor wheel builds for PyPI 🐍 / Build Linux wheels (musllinux) (push) Has been cancelled
zizmor wheel builds for PyPI 🐍 / Build Windows wheels (push) Has been cancelled
zizmor wheel builds for PyPI 🐍 / Build macOS wheels (push) Has been cancelled
zizmor wheel builds for PyPI 🐍 / Build source distribution (push) Has been cancelled
Deploy zizmor documentation site 🌐 / Deploy zizmor documentation to GitHub Pages 🌐 (push) Has been cancelled
GitHub Actions Security Analysis with zizmor 🌈 / Run zizmor 🌈 (push) Has been cancelled
CodSpeed Benchmarks / Run benchmarks (push) Has been cancelled
CI / All tests pass (push) Has been cancelled
zizmor wheel builds for PyPI 🐍 / Release (push) Has been cancelled
parent
1a6a008951
commit
c3913e7eff
2 changed files with 8 additions and 0 deletions
|
|
@ -14,6 +14,7 @@ use crate::{
|
|||
static KNOWN_PERMISSIONS: LazyLock<HashMap<&str, Severity>> = LazyLock::new(|| {
|
||||
[
|
||||
("actions", Severity::High),
|
||||
("artifact-metadata", Severity::Medium),
|
||||
("attestations", Severity::High),
|
||||
("checks", Severity::Medium),
|
||||
("contents", Severity::High),
|
||||
|
|
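Review bot: the `("artifact-metadata", Severity::Medium)` entry gives no rationale for the Medium rating. A one-line comment stating what write access to this scope allows would let a later reader check the rating against the neighbouring High entries such as `attestations`. The commit changes only two files, so no test fixture exercises the new key; a workflow fixture granting `artifact-metadata: write` would pin the expected severity.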
@ -21,6 +22,8 @@ static KNOWN_PERMISSIONS: LazyLock<HashMap<&str, Severity>> = LazyLock::new(|| {
|
|||
("discussions", Severity::Medium),
|
||||
("id-token", Severity::High),
|
||||
("issues", Severity::High),
|
||||
// What does the write permission even do here?
|
||||
("models", Severity::Low),
|
||||
("packages", Severity::High),
|
||||
("pages", Severity::High),
|
||||
("pull-requests", Severity::High),
|
||||
|
|
|
|||
|
|
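Review bot: the comment `// What does the write permission even do here?` above `("models", Severity::Low)` records an open question rather than a rationale, so the Low rating reads as a guess. Either state what is known about the scope and why Low follows from it, or mark it as a TODO to revisit, and consider whether a permission whose write behaviour is not understood should default to a more conservative severity until it is.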
@ -9,6 +9,11 @@ of `zizmor`.
|
|||
|
||||
## Next (UNRELEASED)
|
||||
|
||||
### Enhancements 🌱
|
||||
|
||||
* The [excessive-permissions] audit is now aware of the `artifact-metadata`
|
||||
and `models` permissions (#1461)
|
||||
|
||||
## 1.19.0
|
||||
|
||||
### New Features 🌈
|
||||
|
|
|
|||
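Review bot: the changelog entry under Enhancements says the audit is "now aware" of `artifact-metadata` and `models` but omits the severities assigned to them (Medium and Low in the other file of this commit), which is what decides whether users see new or changed findings. Suggest naming the severities in the entry, and confirming the `[excessive-permissions]` reference-style link has a definition, since none is visible in this hunk.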