Reduce risk of GITHUB_TOKEN exposure (#484)

* Add permissions to the workflows to mitigate the risk of exposing the GITHUB_TOKEN

* Update CHANGELOG.md

Signed-off-by: Jorge Sánchez <jorge.sanchez@wazuh.com>

* Add restrictions to workflows using upload-artifact action

* Update .github/workflows/5_builderpackage_plugins.yml

Signed-off-by: Álex Ruiz Becerra <alex-r-b@hotmail.com>

---------

Signed-off-by: Jorge Sánchez <jorge.sanchez@wazuh.com>
Signed-off-by: Álex Ruiz Becerra <alex-r-b@hotmail.com>
Co-authored-by: Álex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>
Jorge Sánchez 2025-06-11 13:29:57 +02:00 committed by GitHub
parent fe2123b136
commit 0c46a121e1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 10 additions and 2 deletions

@ -50,6 +50,8 @@ on:
jobs:
build:
runs-on: ubuntu-24.04
permissions:
actions: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
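
Review bot: the `permissions` block on `build` lists only `actions: read`, and once any scope is listed every scope not listed is set to `none`, so the `actions/checkout@v4` step right below runs without a `contents` grant. That works on a public repository but fails on a private one. Suggest adding `contents: read` next to `actions: read` so the job states everything it relies on.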

@ -9,6 +9,9 @@ jobs:
run-ecs-generator:
if: github.repository == 'wazuh/wazuh-indexer-plugins'
runs-on: ubuntu-24.04
permissions:
actions: read
contents: write
env:
output_folder: /tmp/ecs-templates
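
Review bot: `contents: write` on `run-ecs-generator` is the only write grant in this change, and nothing in the hunk says which step needs it. Add a short comment above the line naming the step that commits or pushes, and consider moving that step into its own job so the generator, whose `output_folder` is `/tmp/ecs-templates`, runs with a read-only token.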

@ -8,6 +8,8 @@ jobs:
verify-changelog:
if: github.repository == 'wazuh/wazuh-indexer-plugins'
runs-on: ubuntu-24.04
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
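
Review bot: even with `contents: read` in place, the `actions/checkout@v4` step in `verify-changelog` leaves the token in the checked-out repository's git configuration for later steps unless `persist-credentials: false` is set. The `with:` block is cut off in this hunk; if it does not already set that input, add it, since a changelog check has no reason to make authenticated git calls after checkout.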

@ -5,7 +5,8 @@ on:
jobs:
linkchecker:
runs-on: ubuntu-24.04
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: lychee Link Checker
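
Review bot: `permissions` is declared on the `linkchecker` job rather than at the top of the workflow, so a job added to this file later gets the repository's default token permissions unless its author remembers to add a block of its own. If the workflow has no top-level `permissions` key, put `contents: read` there (or `permissions: {}` at the top and keep this job-level grant) so the restricted token is the default.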

@ -31,6 +31,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Improve ECS folder structure [(#473)](https://github.com/wazuh/wazuh-indexer-plugins/pull/473)
### Security
-
- Reduce risk of GITHUB_TOKEN exposure [(#484)](https://github.com/wazuh/wazuh-indexer-plugins/pull/484)
[Unreleased 5.0.x]: https://github.com/wazuh/wazuh-indexer-plugins/compare/main...main