Harden GITHUB_TOKEN permissions
Signed-off-by: Craig Ingram <cjingram@google.com>
This commit is contained in:
Craig Ingram
3
.github/workflows/fuzz.yml
vendored
3
.github/workflows/fuzz.yml
vendored
@@ -1,5 +1,8 @@
|
||||
name: Fuzzing
|
||||
on: [pull_request]
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
# Run all fuzzing tests. Some of them use Go 1.18's testing.F.
|
||||
# Others use https://github.com/AdaLogics/go-fuzz-headers.
|
||||
|
||||
Reference in New Issue
Block a user