
Commit 8788533

authored
Update recommendations-chains.md
1 parent 1bf80aa commit 8788533

File tree

1 file changed

+4
-0
lines changed


recommendations-chains.md

Lines changed: 4 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -21,6 +21,10 @@ CHAINS recommendations are meant to be directly applicable, with state of the ar
2121
- CHAINS recommends the usage of static vulnerability scanners on all commits of the main branch. This contributes to protecting against insider attacks (eg [xz](https://research.swtch.com/xz-timeline)).
2222
- CHAINS recommends disabling dynamic evaluation of code (aka eval) in production
2323
- In NodeJS, this is `--disallow-code-generation-from-strings` [doc](https://nodejs.org/api/cli.html#--disallow-code-generation-from-strings)
24+
- CHAINS recommends taking care of Github organization permissions:
25+
- Do not use default "Allow all actions and reusable workflows"
26+
- Do not use "Require approval for all external contributor" for CI workflows
27+
- Do no use default "Read and write permissions" for token permissions
2428

2529
## CHAINS Encourages
2630
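Review bot: the sub-bullet added at line 26 ("Do not use "Require approval for all external contributor" for CI workflows") reads backwards relative to its siblings: lines 25 and 27 tell readers to move off permissive defaults, while this one tells them to avoid the most restrictive fork-pull-request approval option GitHub offers, so either the wording or the intent needs fixing; if the point is that this approval gate is not a substitute for restricting actions and token permissions, the bullet should say that explicitly, and the setting name should be quoted as "Require approval for all external contributors" (plural). Line 27 has a typo, "Do no use" should read "Do not use", and "Github" on line 24 should be "GitHub". Each of the three bullets also says only what not to use; naming the setting to choose instead, and linking the GitHub documentation for organization Actions settings the way the NodeJS bullet on line 23 links its flag, would make the recommendation directly applicable as the file's introduction promises.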
