mirror of
https://github.com/kubernetes-sigs/kustomize.git
synced 2026-05-17 18:25:26 +00:00
- Included permissions for the action.
  https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

Setting token permissions to read-only follows the principle of least privilege. This is important because attackers may use a compromised token with write access to push malicious code into the project.

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
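
What a read-only token default looks like in a workflow file, as an added example that is not taken from this commit or from the kustomize repository. The workflow name, job names and steps are constructed for illustration; only the `permissions` keys are the point.

```yaml
# Constructed example workflow; names and steps are illustrative assumptions.
name: example-ci
on:
  push:
    branches: [main]

# Top-level default applied to every job in this workflow:
# the GITHUB_TOKEN can read repository contents and nothing else.
# Once a permissions block is present, scopes not listed are set to none.
permissions:
  contents: read

jobs:
  test:
    # Inherits the read-only default above; a compromised step here
    # cannot use the token to push commits or tags.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test

  release:
    runs-on: ubuntu-latest
    # A job-level block replaces the top-level default for this job only,
    # so write access is granted to the one job that needs it.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - run: echo "publish step goes here"
```

Keeping the write grant at job level limits the exposure of a write-capable token to the steps of that single job.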