Skip to content

chore(ci): Harden GitHub Actions token permissions #24450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
step-security-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(ci): Harden GitHub Actions token permissions #24450

step-security-bot wants to merge 1 commit into from
+27 −0

Conversation

@step-security-bot
Copy link

@step-security-bot step-security-bot commented Jan 6, 2026

Summary

This pull request is created by StepSecurity at the request of @thomasqueirozb. Please merge the Pull Request to incorporate the requested changes. Please tag @thomasqueirozb on your message if you have any questions related to the PR.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN.

Feedback

For bug reports, feature requests, and general feedback; please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot [email protected]

@step-security-bot step-security-bot requested a review from a team as a code owner January 6, 2026 15:25
@github-actions github-actions bot added the domain: ci Anything related to Vector's CI environment label Jan 6, 2026
@github-actions
Copy link

github-actions bot commented Jan 6, 2026


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@thomasqueirozb thomasqueirozb added the no-changelog Changes in this PR do not need user-facing explanations in the release changelog label Jan 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

domain: ci Anything related to Vector's CI environment no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@step-security-bot @thomasqueirozb