successfully changed the Level-1/code.yml #69
Conversation
|
@dduzgun-security What do you think? |
There was a problem hiding this comment.
I think it would be good if we keep the permissions section since it restricts the default GITHUB_TOKEN permission used in the GitHub Action to only contents: read.
There was a problem hiding this comment.
Good idea to remove the Check out code step here. It would be nice to mention it as an item below in the Solution Explanation. Maybe something like: # 7. Think about removing unnecessary steps in the GitHub Actions.
Note
In this example the checkout step copies the code in a GitHub runner but we actually don't need that step to run a simple curl. Removing it reduces the code of being copied (gain in time) and therefore reduces the potential risk of code exposure if an attacker has access to the runner or finds a way to exploit the actions/checkout GitHub Action (gain in security).
|
Thank you @dduzgun-security, feel free to suggest code + solution additions in the PR, make sure that you test too and I will review at the end to accept :-) Thanks! |
|
👋 Hey @Debshibraj123, what do you think about the requested changes? I would have loved to suggest code change but it doesn't allow on removed lines of code. |
|
@Debshibraj123 any updates here please? |
|
Guys i am a beginner, this suddenly appeared in my pull request. What is this? Someone tell me. |
|
What are these comments and commits related to? |
|
@nxhettry don't worry my friend, nothing to do here for you |
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Summary
Changes
Closes:
Task list