Commit cea3c17

changed pull_request_target to pull_request for better security in workflow (#758)
2 parents d8ac49e + 886ba6c commit cea3c17

3 files changed

+6
-19
lines changed

.github/workflows/semgrep.yml

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ name: Semgrep
22

33
on:
44
merge_group:
5-
pull_request_target:
5+
pull_request:
66
types:
77
- opened
88
- synchronize
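Review bot: the trigger swap is the right fix for the risk named in the commit title, but confirm the job below still works without repository secrets. Under `pull_request`, a run triggered from a fork gets a read-only `GITHUB_TOKEN` and no secrets, whereas `pull_request_target` ran in the base repository's context, which is exactly why checking out and scanning the PR head under it was dangerous. If the Semgrep step authenticates with a secret, forked PRs will now fail or stop at that step instead of being scanned, so either make that step tolerate a missing secret or state in the workflow that fork PRs receive a reduced scan.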
@@ -20,15 +20,8 @@ concurrency:
2020
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
2121

2222
jobs:
23-
authorize:
24-
name: Authorize
25-
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
26-
runs-on: ubuntu-latest
27-
steps:
28-
- run: true
2923

3024
run:
31-
needs: authorize # Require approval before running on forked pull requests
3225

3326
name: Check for Vulnerabilities
3427
runs-on: ubuntu-latest
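Review bot: removing `authorize` is consistent with the new trigger, since its `environment` expression keyed on `github.event_name == 'pull_request_target'` and would have evaluated to `'internal'` on every run after this change, turning the approval gate into a no-op. Two follow-ups: the `external` environment and any required-reviewer rule attached to it can be deleted from repository settings if nothing else uses them, and the comment that went with `needs: authorize` (`# Require approval before running on forked pull requests`) no longer describes the behaviour, so a one-line note near `run:` saying forked PRs now execute without approval in a read-only context would help the next reader.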

.github/workflows/snyk.yml

Lines changed: 2 additions & 8 deletions
@@ -3,7 +3,7 @@ name: Snyk
33
on:
44
merge_group:
55
workflow_dispatch:
6-
pull_request_target:
6+
pull_request:
77
types:
88
- opened
99
- synchronize
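Review bot: same trigger swap as in semgrep.yml, with the same caveat: if the `check` job's Snyk step reads a repository secret (not visible in this hunk), it has nothing to read on forked `pull_request` events. Consider an `if:` on that step that skips it when `github.event.pull_request.head.repo.full_name != github.repository`, reusing the same-repository test the removed `authorize` job relied on, so the job fails only on real findings rather than on a missing credential. `merge_group` and `workflow_dispatch` are unaffected and still run in the base repository's context.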
@@ -21,15 +21,9 @@ concurrency:
2121
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
2222

2323
jobs:
24-
authorize:
25-
name: Authorize
26-
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
27-
runs-on: ubuntu-latest
28-
steps:
29-
- run: true
24+
3025

3126
check:
32-
needs: authorize
3327

3428
name: Check for Vulnerabilities
3529
runs-on: ubuntu-latest
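Review bot: the added blank line at new line 24 sits directly above the existing blank line 25, leaving two empty lines between `jobs:` and `check:`; drop one so this file matches semgrep.yml, which the same PR leaves with a single blank line at that spot. Otherwise the removal mirrors the Semgrep change, and the same environment clean-up and comment follow-ups apply here.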

.snyk

Lines changed: 3 additions & 3 deletions
@@ -5,16 +5,16 @@ ignore:
55
SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135:
66
- '*':
77
reason: Latest version of dokka has this vulnerability
8-
expires: 2024-08-31T12:08:37.765Z
8+
expires: 2024-10-31T12:19:35.000Z
99
created: 2024-08-01T12:08:37.770Z
1010
SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
1111
- '*':
1212
reason: Latest version of dokka has this vulnerability
13-
expires: 2024-08-31T12:08:55.924Z
13+
expires: 2024-10-31T12:19:35.000Z
1414
created: 2024-08-01T12:08:55.927Z
1515
SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538:
1616
- '*':
1717
reason: Latest version of dokka has this vulnerability
18-
expires: 2024-08-31T12:08:02.966Z
18+
expires: 2024-10-31T12:19:35.000Z
1919
created: 2024-08-01T12:08:02.973Z
2020
patch: {}
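Review bot: extending three ignore windows by two months while leaving `reason` at `Latest version of dokka has this vulnerability` gives the next reviewer nothing concrete to re-check when 2024-10-31 arrives. Record the dokka version that was verified (or a link to the upstream tracking issue) in `reason`, and consider narrowing the `'*'` path glob to the dokka dependency path so the same advisory arriving through a different dependency is not silently ignored as well. This change is also unrelated to the workflow-trigger fix in the commit title; landing it separately would keep the history clearer.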
