mirror of https://github.com/nlohmann/json.git synced 2025-07-31 10:24:23 +03:00

[StepSecurity] ci: Harden GitHub Actions (#4551)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
StepSecurity Bot
2024-12-17 06:20:06 -08:00
committed by GitHub
parent 861ec9c3c6
commit 5362012fdd
9 changed files with 27 additions and 0 deletions


@ -3,6 +3,9 @@ name: "Check amalgamation"
on: on:
pull_request: pull_request:
permissions:
contents: read
jobs: jobs:
save: save:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@ -1,6 +1,9 @@
name: CIFuzz name: CIFuzz
on: [pull_request] on: [pull_request]
permissions:
contents: read
jobs: jobs:
Fuzzing: Fuzzing:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@ -15,6 +15,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }} group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
CodeQL-Build: CodeQL-Build:
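Review bot: With the workflow-level default reduced to `contents: read`, the `CodeQL-Build` job keeps only the write scopes it declares itself, and uploading analysis results normally needs `security-events: write`. The job's body is outside the hunk, so confirm that it carries a job-level `permissions:` block with `security-events: write` next to `contents: read`; otherwise the upload step would be expected to fail on push runs. The same check applies to the `comment` job in the workflow triggered by `workflow_run`, which presumably needs `pull-requests: write` (or `issues: write`) to post its comment and whose body is also not visible here.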


@ -5,6 +5,9 @@ on:
types: types:
- completed - completed
permissions:
contents: read
jobs: jobs:
comment: comment:
if: ${{ github.event.workflow_run.conclusion == 'failure' }} if: ${{ github.event.workflow_run.conclusion == 'failure' }}


@ -9,6 +9,9 @@
name: 'Dependency Review' name: 'Dependency Review'
on: [pull_request] on: [pull_request]
permissions:
contents: read
jobs: jobs:
dependency-review: dependency-review:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@ -4,6 +4,9 @@ on:
pull_request_target: pull_request_target:
types: [opened, synchronize] types: [opened, synchronize]
permissions:
contents: read
jobs: jobs:
label: label:
permissions: permissions:
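Review bot: The workflow-level `contents: read` added here does not constrain the `label` job, because that job opens its own `permissions:` block (only its first line is inside the hunk) and a job-level block replaces the workflow-level one instead of merging with it. Since this workflow runs on `pull_request_target`, the job-level block is what actually bounds the token, so it deserves the review attention. A comment above the new block would make the intent clear to the next maintainer: `# default for jobs that declare no permissions of their own; job-level blocks replace it`. The same applies to `publish_documentation` in the documentation workflow hunk, which also opens a job-level `permissions:` block.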


@ -13,6 +13,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }} group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
# macos-11 is deprecated # macos-11 is deprecated
# macos-11: # macos-11:


@ -15,6 +15,9 @@ concurrency:
group: documentation group: documentation
cancel-in-progress: false cancel-in-progress: false
permissions:
contents: read
jobs: jobs:
publish_documentation: publish_documentation:
permissions: permissions:


@ -14,6 +14,9 @@ on:
push: push:
branches: ["develop"] branches: ["develop"]
permissions:
contents: read
jobs: jobs:
analysis: analysis:
name: Scorecard analysis name: Scorecard analysis