Rule suggestion: Explicit permissions for jobs #525

Open
@jessehouwing

For security it's better if people use least privilege. I'd love a set of rules to select minimal permissions.

For workflows with multiple jobs, set top-level permissions to none:

permissions: {}

and require specific permissions per job:

jobs:
  job-name:
    permissions: read-all 

For workflows with a single job, this might be overkill, and the permissions could be set at the top level instead of the job level.
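The rule proposed in this issue, sketched as an added example (not part of the original post and not the linter's own code). The function name `check_permissions` and the sample workflows are hypothetical, and each workflow is assumed to be already parsed from YAML into a dict.

```python
# Added illustration of the proposed rule; names and sample data are constructed.

def check_permissions(workflow):
    """Return a list of findings for a workflow parsed into a dict."""
    findings = []
    jobs = workflow.get("jobs") or {}
    has_top = "permissions" in workflow

    if len(jobs) > 1:
        # Multiple jobs: the top level must grant nothing ...
        if not has_top:
            findings.append("workflow: missing top-level 'permissions: {}'")
        elif workflow["permissions"] != {}:
            findings.append("workflow: top-level permissions must be {}")
        # ... and every job must declare its own permissions.
        for name, job in jobs.items():
            if "permissions" not in (job or {}):
                findings.append(f"job '{name}': missing explicit permissions")
    else:
        # Single job: either level is acceptable, but one must be explicit.
        job_has = any("permissions" in (job or {}) for job in jobs.values())
        if not has_top and not job_has:
            findings.append("workflow: no explicit permissions at any level")
    return findings


# Constructed sample workflows, shaped as a YAML loader would return them.
MULTI_JOB_BAD = {
    "permissions": {"contents": "write"},
    "jobs": {
        "build": {"runs-on": "ubuntu-latest", "permissions": "read-all"},
        "deploy": {"runs-on": "ubuntu-latest"},
    },
}
MULTI_JOB_OK = {
    "permissions": {},
    "jobs": {
        "build": {"permissions": "read-all"},
        "deploy": {"permissions": {"contents": "read", "id-token": "write"}},
    },
}
SINGLE_JOB_OK = {
    "permissions": {"contents": "read"},
    "jobs": {"test": {"runs-on": "ubuntu-latest"}},
}

if __name__ == "__main__":
    for finding in check_permissions(MULTI_JOB_BAD):
        print(finding)
```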
